VDB

SEVD-2020-287-04

SEVD-2020-287-04 PUBLISHED CVSS 8.399999618530273 HIGH

Schneider Electric is aware of multiple vulnerabilities in its EcoStruxure™ and SmartStruxure™ Power Monitoring & SCADA Software. Failure to apply the mitigation provided below may risk remote code execution, which could result in an attacker gaining root level access to the underlying operating system on the impacted server.

Risk Scores

CVSS v3.1
8.399999618530273
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
Schneider Electric EcoStruxure™ Power SCADA Operations with Advanced Reporting and Dashboard Module Products version 2020
Schneider Electric Power Manager version 1.2
Schneider Electric Power Manager version 1.1
Schneider Electric EcoStruxure™ Power Monitoring Expert version 8.x
Schneider Electric EcoStruxure™ Power Monitoring Expert version 7.x
Schneider Electric EcoStruxure™ Power SCADA Operation with Advanced Reporting and Dashboards Module version 9.0
Schneider Electric StruxureWare™ PowerSCADA Expert with Advanced Reporting and Dashboards Module version 8.x
Schneider Electric EcoStruxure™ Power Monitoring Expert Version 2020
Schneider Electric EcoStruxure™ Energy Expert version 3.0
Schneider Electric EcoStruxure™ Power Monitoring Expert version 9.0
Schneider Electric Power Manager version 1.3
Schneider Electric EcoStruxure™ Energy Expert version 2.0

Timeline

  • Oct 13, 2020 CVE Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›