Vulnerability Description
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Ecostruxure Energy Expert | 2.0 |
| Schneider-Electric | Ecostruxure Power Monitoring Expert | 7.0 |
| Schneider-Electric | Power Manager | 1.1 |
| Schneider-Electric | Powerscada Expert With Advanced Reporting And Dashboards | 8.0 |
| Schneider-Electric | Powerscada Operation With Advanced Reporting And Dashboards | 9.0 |
Related Weaknesses (CWE)
References
- https://www.se.com/ww/en/download/document/SEVD-2020-287-04/Vendor Advisory
- https://www.se.com/ww/en/download/document/SEVD-2020-287-04/Vendor Advisory
FAQ
What is CVE-2020-7547?
CVE-2020-7547 is a vulnerability with a CVSS score of 8.8 (HIGH). A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a us...
How severe is CVE-2020-7547?
CVE-2020-7547 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7547?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Ecostruxure Energy Expert, Schneider-Electric Ecostruxure Power Monitoring Expert, Schneider-Electric Power Manager, Schneider-Electric Powerscada Expert With Advanced Reporting And Dashboards, Schneider-Electric Powerscada Operation With Advanced Reporting And Dashboards.