Improper Access Control in EcoStruxure and SmartStruxure Power Monitoring
CVE-2020-7547

8.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxureª And Smartstruxureª Power Monitoring And Scada Software (see Security Notification For Version Information)
Vendor: CVE Published:; 1 December 2020

Summary

An improper access control vulnerability exists in Schneider Electric's EcoStruxure and SmartStruxure Power Monitoring and SCADA Software. This flaw could allow an attacker to execute actions through the web interface with elevated privileges, potentially leading to unauthorized access and control over the system. Users are encouraged to apply the latest updates and follow security recommendations to mitigate risks associated with this vulnerability.

Affected Version(s)

EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)

References

https://www.se.com/ww/en/download/document/SEVD-2020-287-04/

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 1, 2020
Vulnerability Reserved
Jan 21, 2020