Details of VAR-202003-1444

ID

VAR-202003-1444

CVE

CVE-2020-7478

TITLE

Schneider Electric Interactive Graphical SCADA System Path traversal vulnerability

Trust: 1.8

sources: IVD: 65bdb2b1-b548-441e-8910-d44526a1f064 // IVD: 13ab6260-c37e-48c5-9447-2340a2bf90fa // IVD: 60c3fdad-575e-4723-bbba-21d9d34622f6 // CNVD: CNVD-2020-19885 // CNNVD: CNNVD-202003-1338

DESCRIPTION

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled. IGSS Exists in a past traversal vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the IGSSupdateservice service, which listens on TCP port 12414 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM. Schneider Electric Interactive Graphical SCADA System (IGSS) is a set of SCADA (Data Acquisition and Monitoring System) system for monitoring and controlling industrial processes by Schneider Electric (France). There is a path traversal vulnerability in Schneider Electric IGSS (Interactive Graphical SCADA System) 14 and earlier (using the IGSSupdate service). The vulnerability stems from network systems or products failing to properly filter special elements in resources or file paths. An attacker could use the vulnerability to access a location outside the restricted directory

Trust: 3.42

sources: NVD: CVE-2020-7478 // JVNDB: JVNDB-2020-003178 // ZDI: ZDI-20-371 // CNVD: CNVD-2020-19885 // IVD: 65bdb2b1-b548-441e-8910-d44526a1f064 // IVD: 13ab6260-c37e-48c5-9447-2340a2bf90fa // IVD: 60c3fdad-575e-4723-bbba-21d9d34622f6 // VULHUB: VHN-185603

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: 65bdb2b1-b548-441e-8910-d44526a1f064 // IVD: 13ab6260-c37e-48c5-9447-2340a2bf90fa // IVD: 60c3fdad-575e-4723-bbba-21d9d34622f6 // CNVD: CNVD-2020-19885

AFFECTED PRODUCTS

vendor:	schneider electric	model:	interactive graphical scada system	scope:	gte	version:	14.0	Trust: 1.0
vendor:	schneider electric	model:	interactive graphical scada system	scope:	lt	version:	14.0.0.20009	Trust: 1.0
vendor:	schneider electric	model:	interactive graphical scada system	scope:	eq	version:	14	Trust: 0.8
vendor:	schneider electric	model:	igss	scope:	-	version:	-	Trust: 0.7
vendor:	interactive graphical scada system	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	schneider	model:	electric igss	scope:	lte	version:	<=14	Trust: 0.6

sources: IVD: 65bdb2b1-b548-441e-8910-d44526a1f064 // IVD: 13ab6260-c37e-48c5-9447-2340a2bf90fa // IVD: 60c3fdad-575e-4723-bbba-21d9d34622f6 // ZDI: ZDI-20-371 // CNVD: CNVD-2020-19885 // JVNDB: JVNDB-2020-003178 // NVD: CVE-2020-7478

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7478
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-003178
value:	HIGH
Trust: 0.8
ZDI:	CVE-2020-7478
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2020-19885
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202003-1338
value:	HIGH
Trust: 0.6
IVD:	65bdb2b1-b548-441e-8910-d44526a1f064
value:	HIGH
Trust: 0.2
IVD:	13ab6260-c37e-48c5-9447-2340a2bf90fa
value:	HIGH
Trust: 0.2
IVD:	60c3fdad-575e-4723-bbba-21d9d34622f6
value:	HIGH
Trust: 0.2
VULHUB:	VHN-185603
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-7478
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-003178
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-19885
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	65bdb2b1-b548-441e-8910-d44526a1f064
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	13ab6260-c37e-48c5-9447-2340a2bf90fa
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	60c3fdad-575e-4723-bbba-21d9d34622f6
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-185603
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-7478
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-003178
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-7478
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 0.7

sources: IVD: 65bdb2b1-b548-441e-8910-d44526a1f064 // IVD: 13ab6260-c37e-48c5-9447-2340a2bf90fa // IVD: 60c3fdad-575e-4723-bbba-21d9d34622f6 // ZDI: ZDI-20-371 // CNVD: CNVD-2020-19885 // VULHUB: VHN-185603 // JVNDB: JVNDB-2020-003178 // CNNVD: CNNVD-202003-1338 // NVD: CVE-2020-7478

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-185603 // JVNDB: JVNDB-2020-003178 // NVD: CVE-2020-7478

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1338

TYPE

Path traversal

Trust: 1.2

sources: IVD: 65bdb2b1-b548-441e-8910-d44526a1f064 // IVD: 13ab6260-c37e-48c5-9447-2340a2bf90fa // IVD: 60c3fdad-575e-4723-bbba-21d9d34622f6 // CNNVD: CNNVD-202003-1338

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003178

PATCH

title:	SEVD-2020-070-01	url:	https://www.se.com/ww/en/download/document/SEVD-2020-070-01/	Trust: 0.8
title:	Schneider Electric has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-20-084-02	Trust: 0.7
title:	Patch for Schneider Electric Interactive Graphical SCADA System Path Traversal Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/211411	Trust: 0.6
title:	Schneider Electric Interactive Graphical SCADA System Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112780	Trust: 0.6

sources: ZDI: ZDI-20-371 // CNVD: CNVD-2020-19885 // JVNDB: JVNDB-2020-003178 // CNNVD: CNNVD-202003-1338

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7478	Trust: 4.4
db:	ZDI	id:	ZDI-20-371	Trust: 2.4
db:	SCHNEIDER	id:	SEVD-2020-070-01	Trust: 1.7
db:	ICS CERT	id:	ICSA-20-084-02	Trust: 1.4
db:	CNVD	id:	CNVD-2020-19885	Trust: 1.3
db:	CNNVD	id:	CNNVD-202003-1338	Trust: 1.3
db:	JVNDB	id:	JVNDB-2020-003178	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-9757	Trust: 0.7
db:	NSFOCUS	id:	46225	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1085	Trust: 0.6
db:	IVD	id:	65BDB2B1-B548-441E-8910-D44526A1F064	Trust: 0.2
db:	IVD	id:	13AB6260-C37E-48C5-9447-2340A2BF90FA	Trust: 0.2
db:	IVD	id:	60C3FDAD-575E-4723-BBBA-21D9D34622F6	Trust: 0.2
db:	VULHUB	id:	VHN-185603	Trust: 0.1

sources: IVD: 65bdb2b1-b548-441e-8910-d44526a1f064 // IVD: 13ab6260-c37e-48c5-9447-2340a2bf90fa // IVD: 60c3fdad-575e-4723-bbba-21d9d34622f6 // ZDI: ZDI-20-371 // CNVD: CNVD-2020-19885 // VULHUB: VHN-185603 // JVNDB: JVNDB-2020-003178 // CNNVD: CNNVD-202003-1338 // NVD: CVE-2020-7478

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-084-02	Trust: 2.1
url:	https://www.se.com/ww/en/download/document/sevd-2020-070-01/	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-371/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7478	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7478	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7478\	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/46225	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1085/	Trust: 0.6

sources: ZDI: ZDI-20-371 // CNVD: CNVD-2020-19885 // VULHUB: VHN-185603 // JVNDB: JVNDB-2020-003178 // CNNVD: CNNVD-202003-1338 // NVD: CVE-2020-7478

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-20-371

SOURCES

db:	IVD	id:	65bdb2b1-b548-441e-8910-d44526a1f064
db:	IVD	id:	13ab6260-c37e-48c5-9447-2340a2bf90fa
db:	IVD	id:	60c3fdad-575e-4723-bbba-21d9d34622f6
db:	ZDI	id:	ZDI-20-371
db:	CNVD	id:	CNVD-2020-19885
db:	VULHUB	id:	VHN-185603
db:	JVNDB	id:	JVNDB-2020-003178
db:	CNNVD	id:	CNNVD-202003-1338
db:	NVD	id:	CVE-2020-7478

LAST UPDATE DATE

2024-11-23T22:44:38.191000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-371	date:	2020-04-03T00:00:00
db:	CNVD	id:	CNVD-2020-19885	date:	2020-03-28T00:00:00
db:	VULHUB	id:	VHN-185603	date:	2022-10-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-003178	date:	2020-06-24T00:00:00
db:	CNNVD	id:	CNNVD-202003-1338	date:	2020-04-07T00:00:00
db:	NVD	id:	CVE-2020-7478	date:	2024-11-21T05:37:13.563

SOURCES RELEASE DATE

db:	IVD	id:	65bdb2b1-b548-441e-8910-d44526a1f064	date:	2020-03-23T00:00:00
db:	IVD	id:	13ab6260-c37e-48c5-9447-2340a2bf90fa	date:	2020-03-23T00:00:00
db:	IVD	id:	60c3fdad-575e-4723-bbba-21d9d34622f6	date:	2020-03-23T00:00:00
db:	ZDI	id:	ZDI-20-371	date:	2020-04-03T00:00:00
db:	CNVD	id:	CNVD-2020-19885	date:	2020-03-28T00:00:00
db:	VULHUB	id:	VHN-185603	date:	2020-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-003178	date:	2020-04-07T00:00:00
db:	CNNVD	id:	CNNVD-202003-1338	date:	2020-03-23T00:00:00
db:	NVD	id:	CVE-2020-7478	date:	2020-03-23T20:15:12.370