CVE-2020-7479: Schneider Electric IGSS IGSSupdateservice Improper Access Control Privilege Escalation Vulnerability
First published: Mon Mar 23 2020(Updated: )
A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Interactive Graphical Scada System | >=14.0<14.0.0.20009 | |
| Schneider Electric IGSS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-7479.
What is the severity of CVE-2020-7479?
CVE-2020-7479 has a severity score of 7.8 (High).
What is the affected software for CVE-2020-7479?
The affected software for CVE-2020-7479 is Schneider Electric IGSS (Interactive Graphical SCADA System) version 14.0 and below.
How can an attacker exploit CVE-2020-7479?
An attacker can exploit CVE-2020-7479 by executing low-privileged code on the target system to escalate privileges.
How can I fix CVE-2020-7479?
To fix CVE-2020-7479, it is recommended to update Schneider Electric IGSS to a version higher than 14.0.0.20009.
- collector/nvd-index
- collector/zdi-advisory
- alias/ZDI-20-370
- alias/ZDI-CAN-9758
- alias/CVE-2020-7479
- vendor/schneider-electric
- product/interactive graphical scada system
- canonical/schneider-electric interactive graphical scada system
- vendor/schneider electric
- product/igss
- canonical/schneider electric igss