Path Traversal Vulnerability in SCADAPack 7x Remote Connect by Schneider Electric
CVE-2020-7529

5.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Scadapack 7x Remote Connect V3.6.3.574 And Prior.
Vendor: CVE Published:; 16 September 2020

Summary

A vulnerability exists in the SCADAPack 7x Remote Connect software that allows attackers to exploit improper pathname restrictions. By using a specially crafted .RCZ file, an attacker may gain access and manipulate files in unprotected directories on the system. This type of vulnerability can lead to unauthorized actions and data exposure, making it essential for users to apply recommended mitigations to secure their systems.

Affected Version(s)

SCADAPack 7x Remote Connect V3.6.3.574 and prior. SCADAPack 7x Remote Connect V3.6.3.574 and prior.

References

https://www.se.com/ww/en/download/document/SEVD-2020-252-01/

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 16, 2020
Vulnerability Reserved
Jan 21, 2020