ID

VAR-202003-1446


CVE

CVE-2020-7480


TITLE

Code injection vulnerability in Andover Continuum

Trust: 0.8

sources: JVNDB: JVNDB-2020-003180

DESCRIPTION

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data. Andover Continuum contains a code injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2020-7480 // JVNDB: JVNDB-2020-003180

AFFECTED PRODUCTS

vendor: schneider electric | model: andover continuum 9200 | scope: eq | version: *

Trust: 1.0

vendor: schneider electric | model: andover continuum bcx4040 | scope: eq | version: *

Trust: 1.0

vendor: schneider electric | model: andover continuum 9924 | scope: eq | version: *

Trust: 1.0

vendor: schneider electric | model: andover continuum bcx9640 | scope: eq | version: *

Trust: 1.0

vendor: schneider electric | model: andover continuum 9900 | scope: eq | version: *

Trust: 1.0

vendor: schneider electric | model: andover continuum 5720 | scope: eq | version: *

Trust: 1.0

vendor: schneider electric | model: andover continuum 9680 | scope: eq | version: *

Trust: 1.0

vendor: schneider electric | model: andover continuum 9941 | scope: eq | version: *

Trust: 1.0

vendor: schneider electric | model: andover continuum 9702 | scope: eq | version: *

Trust: 1.0

vendor: schneider electric | model: andover continuum 9940 | scope: eq | version: *

Trust: 1.0

vendor: schneider electric | model: andover continuum 5740 | scope: eq | version: *

Trust: 1.0

vendor: schneider electric | model: andover continuum 5720 | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: andover continuum 5740 | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: andover continuum 9680 | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: andover continuum 9702 | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: andover continuum 9900 | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: andover continuum 9924 | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: andover continuum 9940 | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: andover continuum 9941 | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: andover continuum bcx4040 | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: andover continuum bcx9640 | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-003180 // NVD: CVE-2020-7480

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-7480
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-003180
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202003-1341
value: CRITICAL

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2020-7480
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003180
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CVSSV3

nvd@nist.gov: CVE-2020-7480
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003180
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-003180 // CNNVD: CNNVD-202003-1341 // NVD: CVE-2020-7480

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2020-003180 // NVD: CVE-2020-7480

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1341

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-202003-1341

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003180

PATCH

title: SEVD-2020-070-04 | url: https://www.se.com/ww/en/download/document/SEVD-2020-070-04/

Trust: 0.8

sources: JVNDB: JVNDB-2020-003180

EXTERNAL IDS

db: NVD | id: CVE-2020-7480

Trust: 2.4

db: SCHNEIDER | id: SEVD-2020-070-04

Trust: 1.6

db: JVNDB | id: JVNDB-2020-003180

Trust: 0.8

db: CNNVD | id: CNNVD-202003-1341

Trust: 0.6

sources: JVNDB: JVNDB-2020-003180 // CNNVD: CNNVD-202003-1341 // NVD: CVE-2020-7480

REFERENCES

url:https://www.se.com/ww/en/download/document/sevd-2020-070-04/

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7480

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-7480

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-7480

Trust: 0.6

sources: JVNDB: JVNDB-2020-003180 // CNNVD: CNNVD-202003-1341 // NVD: CVE-2020-7480

SOURCES

db: JVNDB | id: JVNDB-2020-003180
db: CNNVD | id: CNNVD-202003-1341
db: NVD | id: CVE-2020-7480

LAST UPDATE DATE

2024-11-23T21:59:22.909000+00:00


SOURCES UPDATE DATE

db: JVNDB | id: JVNDB-2020-003180 | date: 2020-04-07T00:00:00
db: CNNVD | id: CNNVD-202003-1341 | date: 2020-04-28T00:00:00
db: NVD | id: CVE-2020-7480 | date: 2024-11-21T05:37:13.777

SOURCES RELEASE DATE

db: JVNDB | id: JVNDB-2020-003180 | date: 2020-04-07T00:00:00
db: CNNVD | id: CNNVD-202003-1341 | date: 2020-03-23T00:00:00
db: NVD | id: CVE-2020-7480 | date: 2020-03-23T20:15:12.543