VDB
CVE-2020-7545
CVE-2020-7545
PUBLISHED
CVSS 7.199999809265137 HIGH
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
EPSS 0.46% · 64.6th percentile
Risk Scores
CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.46%
64.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| schneider-electric | ecostruxure_power_monitoring_expert | 7.0, 8.0, 9.0 |
| schneider-electric | power_manager | 1.2, 1.1, 1.3 |
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) | * |
| schneider-electric | powerscada_operation_with_advanced_reporting_and_dashboards | 9.0 |
| schneider-electric | powerscada_expert_with_advanced_reporting_and_dashboards | 8.0 |
| schneider-electric | ecostruxure_energy_expert | 2.0 |
Exploit Intelligence
Timeline
- Oct 14, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://www.se.com/ww/en/download/document/SEVD-2020-287-02/ advisory
- https://www.se.com/ww/en/download/document/SEVD-2017-075-03/ advisory
- https://www.se.com/ww/en/download/document/SEVD-2020-287-03/ advisory
- https://www.se.com/ww/en/download/document/SEVD-2020-287-04/ advisory
- https://www.se.com/ww/en/download/document/SEVD-2020-287-01/ advisory
- https://www.se.com/ww/en/download/document/SEVD-2020-175-01/ advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-7545 advisory
- https://www.se.com/ww/en/download/document/SEVD-2020-287-04 url