Open Redirect Vulnerability in Schneider Electric Software Update
CVE-2020-7520

4.7 MEDIUM

What is CVE-2020-7520?

A vulnerability in Schneider Electric Software Update allows attackers with privileged access to modify registry keys, redirecting software update traffic through malicious servers. This redirection can lead to execution of unauthorized code on the victim's system, potentially compromising sensitive information and system integrity. A man-in-the-middle technique is typically employed to facilitate this exploit, making it crucial for users to stay vigilant and apply necessary security patches.

Affected Version(s)

Schneider Electric Software Update (SESU) V2.4.0 and prior.

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
