CVE-2020-7547

A CWE-284: Improper Access Control vulnerability exists in EcoStruxure and SmartStruxure Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
schneiderCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
schneider-electricecostruxure_energy_expert
2.0
schneider-electricecostruxure_power_monitoring_expert
7.0
schneider-electricecostruxure_power_monitoring_expert
8.0
schneider-electricecostruxure_power_monitoring_expert
9.0
schneider-electricpower_manager
1.1
schneider-electricpower_manager
1.2
schneider-electricpower_manager
1.3
schneider-electricpowerscada_expert_with_advanced_reporting_and_dashboards
8.0
schneider-electricpowerscada_operation_with_advanced_reporting_and_dashboards
9.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.se.com/ww/en/download/document/SEVD-2020-287-04/
https://www.se.com/ww/en/download/document/SEVD-2020-287-04/