// For flags

CVE-2020-28219

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX.

Una CWE-522: Se presenta una vulnerabilidad de Credenciales Insuficientemente Protegidas en EcoStruxure Geo SCADA Expert 2019 (versión original y Actualizaciones Mensuales hasta Septiembre de 2020, desde 81.7268.1 hasta 81.7578.1) y EcoStruxure Geo SCADA Expert 2020 (versión original y Actualizaciones Mensuales hasta Septiembre de 2020), desde 83.7551.1 hasta 83.7578.1), que podría causar la exposición de las credenciales a los usuarios del lado del servidor cuando los usuarios web inician sesión en Virtual ViewX

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-11-05 CVE Reserved
  • 2020-12-11 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-522: Insufficiently Protected Credentials
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://www.se.com/ww/en/download/document/SEVD-2020-343-02 2020-12-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Schneider-electric
Search vendor "Schneider-electric"
 Ecostruxure Geo Scada Expert 2019
Search vendor "Schneider-electric" for product "Ecostruxure Geo Scada Expert 2019"
 >= 81.7268.1 <= 81.7578.1
Search vendor "Schneider-electric" for product "Ecostruxure Geo Scada Expert 2019" and version " >= 81.7268.1 <= 81.7578.1"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Ecostruxure Geo Scada Expert 2020
Search vendor "Schneider-electric" for product "Ecostruxure Geo Scada Expert 2020"
 >= 83.7551.1 <= 83.7578.1
Search vendor "Schneider-electric" for product "Ecostruxure Geo Scada Expert 2020" and version " >= 83.7551.1 <= 83.7578.1"
-
Affected