CVE-2020-7545
First published: Tue Dec 01 2020(Updated: )
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Ecostruxure Energy Expert | =2.0 | |
| Schneider Electric EcoStruxure Power Monitoring Expert | =7.0 | |
| Schneider Electric EcoStruxure Power Monitoring Expert | =8.0 | |
| Schneider Electric EcoStruxure Power Monitoring Expert | =9.0 | |
| Schneider-electric Power Manager | =1.1 | |
| Schneider-electric Power Manager | =1.2 | |
| Schneider-electric Power Manager | =1.3 | |
| Schneider-electric Powerscada Expert With Advanced Reporting And Dashboards | =8.0 | |
| Schneider-electric Powerscada Operation With Advanced Reporting And Dashboards | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this EcoStruxure vulnerability?
The vulnerability ID for this EcoStruxure vulnerability is CVE-2020-7545.
What is the title of the EcoStruxure vulnerability?
The title of the EcoStruxure vulnerability is 'A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.'
What is the severity level of CVE-2020-7545?
The severity level of CVE-2020-7545 is high with a value of 7.2.
Which software versions are affected by this EcoStruxure vulnerability?
The EcoStruxure vulnerability affects the following software versions: Schneider-electric Ecostruxure Energy Expert 2.0, Schneider-electric Ecostruxure Power Monitoring Expert 7.0, Schneider-electric Ecostruxure Power Monitoring Expert 8.0, Schneider-electric Ecostruxure Power Monitoring Expert 9.0, Schneider-electric Power Manager 1.1, Schneider-electric Power Manager 1.2, Schneider-electric Power Manager 1.3, Schneider-electric Powerscada Expert With Advanced Reporting And Dashboards 8.0, Schneider-electric Powerscada Operation With Advanced Reporting And Dashboards 9.0.
How can this vulnerability be fixed?
To fix this vulnerability, it is recommended to apply the security updates provided by Schneider Electric. Please refer to the reference link for more information.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/schneider-electric
- canonical/schneider-electric ecostruxure energy expert
- version/schneider-electric ecostruxure energy expert/2.0
- canonical/schneider electric ecostruxure power monitoring expert
- version/schneider electric ecostruxure power monitoring expert/7.0
- version/schneider electric ecostruxure power monitoring expert/8.0
- version/schneider electric ecostruxure power monitoring expert/9.0
- canonical/schneider-electric power manager
- version/schneider-electric power manager/1.1
- version/schneider-electric power manager/1.2
- version/schneider-electric power manager/1.3
- canonical/schneider-electric powerscada expert with advanced reporting and dashboards
- version/schneider-electric powerscada expert with advanced reporting and dashboards/8.0
- canonical/schneider-electric powerscada operation with advanced reporting and dashboards
- version/schneider-electric powerscada operation with advanced reporting and dashboards/9.0