First published: Thu Jul 23 2020
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. To exploit this vulnerability, an attacker requires privileged access on the engineering workstation in order to modify a Windows registry key, which diverts all update traffic through a server in the attacker's possession. A man-in-the-middle attack from that position is then used to complete the exploit.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Software Update Utility | <=2.4.0 | |
The vulnerability ID for this issue is CVE-2020-7520.
The severity rating of CVE-2020-7520 is medium with a score of 4.7.
The CWE ID for this vulnerability is CWE-601.
Schneider Electric Software Update (SESU) versions up to and including v2.4.0 are affected by CVE-2020-7520.
To exploit CVE-2020-7520, an attacker must already hold privileged access on the engineering workstation. The attack consists of changing the Windows registry key that tells SESU where to fetch updates, so that update traffic is redirected to an untrusted server under the attacker's control, and then using that man-in-the-middle position to deliver malicious code that executes on the victim's machine.
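The practical check that follows from the description above (and from the affected-version summary) is to verify where the updater has been told to send its update traffic. The following is an added example, not Schneider Electric's code and not part of this advisory: it parses a `reg export` style dump of the updater's configuration and flags an update URL that is not HTTPS, that embeds credentials, or whose host is outside an allowlist. The registry path `HKEY_LOCAL_MACHINE\SOFTWARE\Example\SoftwareUpdate`, the value name `UpdateServerUrl`, the allowed host and both sample exports are constructed placeholders; the advisory does not name the real key.

```python
"""Audit a Windows registry export for a redirected software-update URL.

Added example, not Schneider Electric's code. The registry key, value name,
allowlist and sample exports are hypothetical: the advisory only says that a
registry key controls where SESU sends update traffic, not which one.
"""
import re
from urllib.parse import urlsplit

# Hypothetical key/value names used for illustration only.
UPDATE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Example\SoftwareUpdate"
UPDATE_VALUE = "UpdateServerUrl"

# Constructed allowlist: the hosts the updater may legitimately contact.
ALLOWED_HOSTS = {"update.example-vendor.com"}


def parse_reg_export(text):
    """Parse the subset of .reg syntax used here: [Key] headers and
    "Name"="value" string entries. Returns {key_path: {name: value}}."""
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if m and current is not None:
            # .reg string values escape backslashes and quotes with a backslash.
            value = re.sub(r"\\(.)", r"\1", m.group(2))
            result[current][m.group(1)] = value
    return result


def check_update_url(url):
    """Return a list of findings for a configured update URL (empty = OK)."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        findings.append(f"scheme is {parts.scheme!r}, not https")
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        findings.append(f"host {host!r} is not an allowed update server")
    # user:pass@host tricks can make the real host easy to overlook.
    if parts.username or parts.password:
        findings.append("URL embeds credentials")
    return findings


def audit_reg_export(text):
    """Locate the update URL in a .reg export and check it."""
    values = parse_reg_export(text).get(UPDATE_KEY, {})
    if UPDATE_VALUE not in values:
        return [f"{UPDATE_VALUE} not present under {UPDATE_KEY}"]
    return check_update_url(values[UPDATE_VALUE])


# Constructed sample exports: a legitimate configuration, and one that an
# attacker with administrative access has pointed at a server they control.
GOOD_EXPORT = f"""Windows Registry Editor Version 5.00

[{UPDATE_KEY}]
"{UPDATE_VALUE}"="https://update.example-vendor.com/sesu/catalog.xml"
"""

TAMPERED_EXPORT = f"""Windows Registry Editor Version 5.00

[{UPDATE_KEY}]
"{UPDATE_VALUE}"="http://update.example-vendor.com.attacker.test/sesu/catalog.xml"
"""

if __name__ == "__main__":
    for name, export in (("good", GOOD_EXPORT), ("tampered", TAMPERED_EXPORT)):
        print(name, audit_reg_export(export) or "OK")
```

On a real workstation the input would come from `reg export <key> out.reg` run with administrative rights; because the attacker in this advisory already has those rights, the audit is only meaningful when it runs from a trusted host or baseline, with the exported value compared against the vendor's documented update endpoint rather than against whatever the machine currently reports.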