Incorrect Authorization in U.motion Servers and Touch Panels by Schneider Electric
CVE-2020-7499

6.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: U.motion Servers And Touch Panels (affected Versions Listed In The Security Notification)
Vendor: CVE Published:; 16 June 2020

Summary

An incorrect authorization vulnerability affects U.motion Servers and Touch Panels, where low-privileged users can exploit the system to make unauthorized changes. This flaw poses serious risks as it allows individuals with minimal access permissions to manipulate settings or data within the system, potentially leading to further security breaches. Proper controls and validation checks are necessary to mitigate such vulnerabilities and protect the integrity of the affected products.

Affected Version(s)

U.motion Servers and Touch Panels (affected listed in the security notification) U.motion Servers and Touch Panels (affected versions listed in the security notification)

References

https://www.se.com/ww/en/download/document/SEVD-2020-133-03/

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2020
Vulnerability Reserved
Jan 21, 2020