Vulnerability Description
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Ecostruxure Energy Expert | 2.0 |
| Schneider-Electric | Ecostruxure Power Monitoring Expert | 7.0 |
| Schneider-Electric | Power Manager | 1.1 |
| Schneider-Electric | Powerscada Expert With Advanced Reporting And Dashboards | 8.0 |
| Schneider-Electric | Powerscada Operation With Advanced Reporting And Dashboards | 9.0 |
Related Weaknesses (CWE)
References
- https://www.se.com/ww/en/download/document/SEVD-2020-287-04/Vendor Advisory
- https://www.se.com/ww/en/download/document/SEVD-2020-287-04/Vendor Advisory
FAQ
What is CVE-2020-7546?
CVE-2020-7546 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version...
How severe is CVE-2020-7546?
CVE-2020-7546 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7546?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Ecostruxure Energy Expert, Schneider-Electric Ecostruxure Power Monitoring Expert, Schneider-Electric Power Manager, Schneider-Electric Powerscada Expert With Advanced Reporting And Dashboards, Schneider-Electric Powerscada Operation With Advanced Reporting And Dashboards.