Improper Privilege Management in Schneider Electric Modbus Serial Driver
CVE-2020-7523

7.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Schneider Electric Modbus Serial Driver (64 Bits) Versions Prior To V3.20 Ie 30, Schneider Electric Modbus Serial Driver (32 Bits) Versions Prior To V2.20 Ie 30, And Schneider Electric Modbus Driver Suite Versions Prior To V14.15.0.0
Vendor: CVE Published:; 31 August 2020

Summary

The Modbus Serial Driver from Schneider Electric is vulnerable due to improper privilege management which can be exploited to escalate local privileges. This vulnerability arises when the driver fails to effectively assign, modify, track, or verify the privileges of actors interacting with the service. As a result, unauthorized users may gain unintended control, leading to potential security risks. Ensuring that system configurations adhere to best practices and implementing timely updates are crucial to mitigate exposure to this vulnerability.

Affected Version(s)

Schneider Electric Modbus Serial Driver (64 bits) prior to V3.20 IE 30, Schneider Electric Modbus Serial Driver (32 bits) prior to V2.20 IE 30, and Schneider Electric Modbus Driver Suite prior to V14.15.0.0 Schneider Electric Modbus Serial Driver (64 bits) versions prior to V3.20 IE 30, Schneider Electric Modbus Serial Driver (32 bits) versions prior to V2.20 IE 30, and Schneider Electric Modbus Driver Suite versions prior to V14.15.0.1

References

https://www.se.com/ww/en/download/document/SEVD-2020-224-01/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 31, 2020
Vulnerability Reserved
Jan 21, 2020