Vulnetix
Try Vulnetix Request Demo
CVE-2020-7545 PUBLISHED CVSS 7.199999809265137 HIGH

A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.

EPSS 0.46% · 64.0th percentile

Risk Scores

CVSS v3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.46%
64.0th percentile

Affected Products

VendorProductVersions
schneider-electricecostruxure_power_monitoring_expert7.0, 8.0, 9.0
schneider-electricpower_manager1.2, 1.3, 1.1
n/aEcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
schneider-electricpowerscada_operation_with_advanced_reporting_and_dashboards9.0
schneider-electricpowerscada_expert_with_advanced_reporting_and_dashboards8.0
schneider-electricecostruxure_energy_expert2.0

Timeline

References

Open in Interactive Console →