Vulnerability Description
A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Ecostruxure Energy Expert | 2.0 |
| Schneider-Electric | Ecostruxure Power Monitoring Expert | 7.0 |
| Schneider-Electric | Power Manager | 1.1 |
| Schneider-Electric | Powerscada Expert With Advanced Reporting And Dashboards | 8.0 |
| Schneider-Electric | Powerscada Operation With Advanced Reporting And Dashboards | 9.0 |
Related Weaknesses (CWE)
References
- https://www.se.com/ww/en/download/document/SEVD-2020-287-04/Vendor Advisory
- https://www.se.com/ww/en/download/document/SEVD-2020-287-04/Vendor Advisory
FAQ
What is CVE-2020-7545?
CVE-2020-7545 is a vulnerability with a CVSS score of 7.2 (HIGH). A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for a...
How severe is CVE-2020-7545?
CVE-2020-7545 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7545?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Ecostruxure Energy Expert, Schneider-Electric Ecostruxure Power Monitoring Expert, Schneider-Electric Power Manager, Schneider-Electric Powerscada Expert With Advanced Reporting And Dashboards, Schneider-Electric Powerscada Operation With Advanced Reporting And Dashboards.