Search criteria
9 vulnerabilities found for powerscada_expert_with_advanced_reporting_and_dashboards by schneider-electric
FKIE_CVE-2020-7547
Vulnerability from fkie_nvd - Published: 2020-12-01 15:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_energy_expert:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF7DFC6-6F41-491B-A703-6AB0143FE5B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6819EA7A-C803-480F-98DF-44DA144FE488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66E928C4-87C8-4BD6-9131-B7D558330CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BEB4F4B-0B22-47CA-B173-C06C1A925348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC0093C-00CE-43A8-80EC-0509992E637B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A1DF0-42B8-4123-8276-1D4BED156034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54A54A8D-40F5-4E75-A524-B81E487DB274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_expert_with_advanced_reporting_and_dashboards:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC2CF9D-8D0C-4FD3-94A2-34A63E297B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_operation_with_advanced_reporting_and_dashboards:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8F406C-868A-443C-8842-6CFFFF17C236",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level."
},
{
"lang": "es",
"value": "Una CWE-284: Se presenta una vulnerabilidad Control de Acceso Inapropiado en el Software EcoStruxure\u00aa y SmartStruxure\u00aa Power Monitoring and SCADA (v\u00e9ase la notificaci\u00f3n de seguridad para la informaci\u00f3n de la versi\u00f3n) que podr\u00eda permitir a un usuario la habilidad para llevar a cabo acciones por medio de la interfaz web en un nivel de privilegio elevado"
}
],
"id": "CVE-2020-7547",
"lastModified": "2024-11-21T05:37:21.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-01T15:15:12.657",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-7545
Vulnerability from fkie_nvd - Published: 2020-12-01 15:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_energy_expert:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF7DFC6-6F41-491B-A703-6AB0143FE5B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6819EA7A-C803-480F-98DF-44DA144FE488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66E928C4-87C8-4BD6-9131-B7D558330CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BEB4F4B-0B22-47CA-B173-C06C1A925348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC0093C-00CE-43A8-80EC-0509992E637B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A1DF0-42B8-4123-8276-1D4BED156034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54A54A8D-40F5-4E75-A524-B81E487DB274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_expert_with_advanced_reporting_and_dashboards:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC2CF9D-8D0C-4FD3-94A2-34A63E297B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_operation_with_advanced_reporting_and_dashboards:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8F406C-868A-443C-8842-6CFFFF17C236",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage."
},
{
"lang": "es",
"value": "Una CWE-284: Se presenta una vulnerabilidad Control de Acceso Inapropiado en el Software EcoStruxure\u00aa y SmartStruxure\u00aa Power Monitoring and SCADA (v\u00e9ase la notificaci\u00f3n de seguridad para la informaci\u00f3n de la versi\u00f3n) que podr\u00eda permitir una ejecuci\u00f3n de c\u00f3digo arbitraria en el servidor cuando un usuario autorizado accede a una p\u00e1gina web afectada"
}
],
"id": "CVE-2020-7545",
"lastModified": "2024-11-21T05:37:21.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-01T15:15:12.297",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-7546
Vulnerability from fkie_nvd - Published: 2020-12-01 15:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_energy_expert:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF7DFC6-6F41-491B-A703-6AB0143FE5B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6819EA7A-C803-480F-98DF-44DA144FE488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66E928C4-87C8-4BD6-9131-B7D558330CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BEB4F4B-0B22-47CA-B173-C06C1A925348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC0093C-00CE-43A8-80EC-0509992E637B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9A1DF0-42B8-4123-8276-1D4BED156034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:power_manager:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54A54A8D-40F5-4E75-A524-B81E487DB274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_expert_with_advanced_reporting_and_dashboards:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC2CF9D-8D0C-4FD3-94A2-34A63E297B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_operation_with_advanced_reporting_and_dashboards:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8F406C-868A-443C-8842-6CFFFF17C236",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage."
},
{
"lang": "es",
"value": "Una CWE-79: Se presenta una vulnerabilidad Neutralizaci\u00f3n Inapropiada de la Entrada Durante la Generaci\u00f3n de P\u00e1ginas Web en el Software EcoStruxure\u00aa y SmartStruxure\u00aa Power Monitoring and SCADA (v\u00e9ase la notificaci\u00f3n de seguridad para la informaci\u00f3n de la versi\u00f3n) que podr\u00eda permitir a un atacante llevar a cabo acciones en nombre del usuario autorizado cuando se acceder a un p\u00e1gina web afectada"
}
],
"id": "CVE-2020-7546",
"lastModified": "2024-11-21T05:37:21.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-01T15:15:12.563",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
CVE-2020-7547 (GCVE-0-2020-7547)
Vulnerability from cvelistv5 – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284:Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:52",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284:Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7547",
"datePublished": "2020-12-01T14:44:52",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7546 (GCVE-0-2020-7546)
Vulnerability from cvelistv5 – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:31",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7546",
"datePublished": "2020-12-01T14:44:31",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7545 (GCVE-0-2020-7545)
Vulnerability from cvelistv5 – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284:Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:10",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284:Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7545",
"datePublished": "2020-12-01T14:44:10",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7547 (GCVE-0-2020-7547)
Vulnerability from nvd – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284:Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:52",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-284: Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284:Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7547",
"datePublished": "2020-12-01T14:44:52",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7546 (GCVE-0-2020-7546)
Vulnerability from nvd – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:31",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7546",
"datePublished": "2020-12-01T14:44:31",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7545 (GCVE-0-2020-7545)
Vulnerability from nvd – Published: 2020-12-01 14:44 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) |
Affected:
EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284:Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:44:10",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-284:Improper Access Control vulnerability exists in EcoStruxure\u00aa and SmartStruxure\u00aa Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284:Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7545",
"datePublished": "2020-12-01T14:44:10",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}