// For flags

CVE-2020-7523

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Se presenta una vulnerabilidad de Administración de Privilegios Inapropiada en Schneider Electric Modbus Serial Driver (consulte la notificación de seguridad para las versiones) que podría causar una escalada de privilegios locales cuando el servicio Modbus Serial Driver es invocado. El controlador no asigna, modifica, rastrea o comprueba apropiadamente los privilegios de un actor, creando una esfera de control no prevista para ese actor

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-21 CVE Reserved
  • 2020-08-31 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-269: Improper Privilege Management
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://www.se.com/ww/en/download/document/SEVD-2020-224-01 2021-06-04
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Schneider-electric
Search vendor "Schneider-electric"
 Modbus Driver Suite
Search vendor "Schneider-electric" for product "Modbus Driver Suite"
 < 14.15.0.0
Search vendor "Schneider-electric" for product "Modbus Driver Suite" and version " < 14.15.0.0"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Modbus Serial Driver
Search vendor "Schneider-electric" for product "Modbus Serial Driver"
 < 2.20_ie_30
Search vendor "Schneider-electric" for product "Modbus Serial Driver" and version " < 2.20_ie_30"
x86
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Modbus Serial Driver
Search vendor "Schneider-electric" for product "Modbus Serial Driver"
 < 3.20_ie_30
Search vendor "Schneider-electric" for product "Modbus Serial Driver" and version " < 3.20_ie_30"
x64
Affected