VAR-202003-1445
Vulnerability from variot - Updated: 2023-12-18 13:18A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service. IGSS There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric IGSS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the IGSSupdateservice service, which listens on TCP port 12414 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Schneider Electric Interactive Graphical SCADA System (IGSS) is a set of SCADA (Data Acquisition and Monitoring System) system for monitoring and controlling industrial processes by Schneider Electric (France).
Schneider Electric IGSS (Interactive Graphical SCADA System) 14 and earlier versions (using IGSSupdate service) have access control error vulnerabilities. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1445",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "interactive graphical scada system",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "14.0.0.20009"
},
{
"model": "interactive graphical scada system",
"scope": "gte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "14.0"
},
{
"model": "interactive graphical scada system",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "14"
},
{
"model": "igss",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "interactive graphical scada system",
"version": "*"
},
{
"model": "electric igss",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=14"
}
],
"sources": [
{
"db": "IVD",
"id": "47cf2633-af46-4636-89d7-2c1a2edbc992"
},
{
"db": "IVD",
"id": "74948927-d328-4f80-9f7c-7522889db29e"
},
{
"db": "IVD",
"id": "e2497741-9c48-468f-b5ed-39ad38f987ae"
},
{
"db": "ZDI",
"id": "ZDI-20-370"
},
{
"db": "CNVD",
"id": "CNVD-2020-19888"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003179"
},
{
"db": "NVD",
"id": "CVE-2020-7479"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.0.0.20009",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7479"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-370"
}
],
"trust": 0.7
},
"cve": "CVE-2020-7479",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003179",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-19888",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "47cf2633-af46-4636-89d7-2c1a2edbc992",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "74948927-d328-4f80-9f7c-7522889db29e",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "e2497741-9c48-468f-b5ed-39ad38f987ae",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-185604",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003179",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-7479",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-7479",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003179",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-7479",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-19888",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1340",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "47cf2633-af46-4636-89d7-2c1a2edbc992",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "74948927-d328-4f80-9f7c-7522889db29e",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2497741-9c48-468f-b5ed-39ad38f987ae",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-185604",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "47cf2633-af46-4636-89d7-2c1a2edbc992"
},
{
"db": "IVD",
"id": "74948927-d328-4f80-9f7c-7522889db29e"
},
{
"db": "IVD",
"id": "e2497741-9c48-468f-b5ed-39ad38f987ae"
},
{
"db": "ZDI",
"id": "ZDI-20-370"
},
{
"db": "CNVD",
"id": "CNVD-2020-19888"
},
{
"db": "VULHUB",
"id": "VHN-185604"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003179"
},
{
"db": "NVD",
"id": "CVE-2020-7479"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1340"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service. IGSS There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric IGSS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the IGSSupdateservice service, which listens on TCP port 12414 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Schneider Electric Interactive Graphical SCADA System (IGSS) is a set of SCADA (Data Acquisition and Monitoring System) system for monitoring and controlling industrial processes by Schneider Electric (France). \n\r\n\r\nSchneider Electric IGSS (Interactive Graphical SCADA System) 14 and earlier versions (using IGSSupdate service) have access control error vulnerabilities. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7479"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003179"
},
{
"db": "ZDI",
"id": "ZDI-20-370"
},
{
"db": "CNVD",
"id": "CNVD-2020-19888"
},
{
"db": "IVD",
"id": "47cf2633-af46-4636-89d7-2c1a2edbc992"
},
{
"db": "IVD",
"id": "74948927-d328-4f80-9f7c-7522889db29e"
},
{
"db": "IVD",
"id": "e2497741-9c48-468f-b5ed-39ad38f987ae"
},
{
"db": "VULHUB",
"id": "VHN-185604"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7479",
"trust": 4.4
},
{
"db": "ZDI",
"id": "ZDI-20-370",
"trust": 2.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2020-070-01",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-20-084-02",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-19888",
"trust": 1.3
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1340",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003179",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9758",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "46227",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1085",
"trust": 0.6
},
{
"db": "IVD",
"id": "47CF2633-AF46-4636-89D7-2C1A2EDBC992",
"trust": 0.2
},
{
"db": "IVD",
"id": "74948927-D328-4F80-9F7C-7522889DB29E",
"trust": 0.2
},
{
"db": "IVD",
"id": "E2497741-9C48-468F-B5ED-39AD38F987AE",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-185604",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "47cf2633-af46-4636-89d7-2c1a2edbc992"
},
{
"db": "IVD",
"id": "74948927-d328-4f80-9f7c-7522889db29e"
},
{
"db": "IVD",
"id": "e2497741-9c48-468f-b5ed-39ad38f987ae"
},
{
"db": "ZDI",
"id": "ZDI-20-370"
},
{
"db": "CNVD",
"id": "CNVD-2020-19888"
},
{
"db": "VULHUB",
"id": "VHN-185604"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003179"
},
{
"db": "NVD",
"id": "CVE-2020-7479"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1340"
}
]
},
"id": "VAR-202003-1445",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "47cf2633-af46-4636-89d7-2c1a2edbc992"
},
{
"db": "IVD",
"id": "74948927-d328-4f80-9f7c-7522889db29e"
},
{
"db": "IVD",
"id": "e2497741-9c48-468f-b5ed-39ad38f987ae"
},
{
"db": "CNVD",
"id": "CNVD-2020-19888"
},
{
"db": "VULHUB",
"id": "VHN-185604"
}
],
"trust": 2.3
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "47cf2633-af46-4636-89d7-2c1a2edbc992"
},
{
"db": "IVD",
"id": "74948927-d328-4f80-9f7c-7522889db29e"
},
{
"db": "IVD",
"id": "e2497741-9c48-468f-b5ed-39ad38f987ae"
},
{
"db": "CNVD",
"id": "CNVD-2020-19888"
}
]
},
"last_update_date": "2023-12-18T13:18:20.693000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2020-070-01",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-070-01/"
},
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-084-02"
},
{
"title": "Patch for Schneider Electric Interactive Graphical SCADA System Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/211413"
},
{
"title": "Schneider Electric Interactive Graphical SCADA System Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112782"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-370"
},
{
"db": "CNVD",
"id": "CNVD-2020-19888"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003179"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1340"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-185604"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003179"
},
{
"db": "NVD",
"id": "CVE-2020-7479"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-084-02"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7479"
},
{
"trust": 1.7,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-070-01/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-370/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7479"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46227"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1085/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-370"
},
{
"db": "CNVD",
"id": "CNVD-2020-19888"
},
{
"db": "VULHUB",
"id": "VHN-185604"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003179"
},
{
"db": "NVD",
"id": "CVE-2020-7479"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1340"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "47cf2633-af46-4636-89d7-2c1a2edbc992"
},
{
"db": "IVD",
"id": "74948927-d328-4f80-9f7c-7522889db29e"
},
{
"db": "IVD",
"id": "e2497741-9c48-468f-b5ed-39ad38f987ae"
},
{
"db": "ZDI",
"id": "ZDI-20-370"
},
{
"db": "CNVD",
"id": "CNVD-2020-19888"
},
{
"db": "VULHUB",
"id": "VHN-185604"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003179"
},
{
"db": "NVD",
"id": "CVE-2020-7479"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1340"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-23T00:00:00",
"db": "IVD",
"id": "47cf2633-af46-4636-89d7-2c1a2edbc992"
},
{
"date": "2020-03-23T00:00:00",
"db": "IVD",
"id": "74948927-d328-4f80-9f7c-7522889db29e"
},
{
"date": "2020-03-23T00:00:00",
"db": "IVD",
"id": "e2497741-9c48-468f-b5ed-39ad38f987ae"
},
{
"date": "2020-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-20-370"
},
{
"date": "2020-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19888"
},
{
"date": "2020-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-185604"
},
{
"date": "2020-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003179"
},
{
"date": "2020-03-23T20:15:12.450000",
"db": "NVD",
"id": "CVE-2020-7479"
},
{
"date": "2020-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1340"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-20-370"
},
{
"date": "2020-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19888"
},
{
"date": "2022-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-185604"
},
{
"date": "2020-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003179"
},
{
"date": "2022-10-06T19:37:52.307000",
"db": "NVD",
"id": "CVE-2020-7479"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1340"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1340"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Interactive Graphical SCADA System Access Control Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "47cf2633-af46-4636-89d7-2c1a2edbc992"
},
{
"db": "IVD",
"id": "74948927-d328-4f80-9f7c-7522889db29e"
},
{
"db": "IVD",
"id": "e2497741-9c48-468f-b5ed-39ad38f987ae"
},
{
"db": "CNVD",
"id": "CNVD-2020-19888"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1340"
}
],
"trust": 1.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "47cf2633-af46-4636-89d7-2c1a2edbc992"
},
{
"db": "IVD",
"id": "74948927-d328-4f80-9f7c-7522889db29e"
},
{
"db": "IVD",
"id": "e2497741-9c48-468f-b5ed-39ad38f987ae"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1340"
}
],
"trust": 1.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…