1. Home
  2. CVE Database
  3. CVE-2020-7523
HIGH · 7.8

CVE-2020-7523

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Seri...

Vulnerability Description

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Schneider-ElectricModbus Driver Suite< 14.15.0.0
Schneider-ElectricModbus Serial Driver< 2.20_ie_30

Related Weaknesses (CWE)

CWE-269

References

FAQ

What is CVE-2020-7523?

CVE-2020-7523 is a vulnerability with a CVSS score of 7.8 (HIGH). Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Seri...

How severe is CVE-2020-7523?

CVE-2020-7523 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7523?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modbus Driver Suite, Schneider-Electric Modbus Serial Driver.