ID

VAR-202007-1245


CVE

CVE-2020-7520


TITLE

Open redirect vulnerability in Schneider Electric Software Update

Trust: 0.8

sources: JVNDB: JVNDB-2020-008708

DESCRIPTION

A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit. An attacker could exploit this vulnerability to execute malicious code.

Trust: 1.71

sources: NVD: CVE-2020-7520 // JVNDB: JVNDB-2020-008708 // VULHUB: VHN-185645

AFFECTED PRODUCTS

vendor: schneider electric // model: software update utility // scope: lte // version: 2.4.0

Trust: 1.0

vendor: schneider electric // model: software update // scope: eq // version: 2.4.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-008708 // NVD: CVE-2020-7520

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7520
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008708
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-1423
value: MEDIUM

Trust: 0.6

VULHUB: VHN-185645
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-7520
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008708
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-185645
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-7520
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008708
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-185645 // JVNDB: JVNDB-2020-008708 // CNNVD: CNNVD-202007-1423 // NVD: CVE-2020-7520

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.9

sources: VULHUB: VHN-185645 // JVNDB: JVNDB-2020-008708 // NVD: CVE-2020-7520

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1423

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1423

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008708

PATCH

title: SEVD-2020-196-01 // url: https://www.se.com/ww/en/download/document/SEVD-2020-196-01/

Trust: 0.8

title: Schneider Electric Software Update Enter the fix for the verification error vulnerability // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125186

Trust: 0.6

sources: JVNDB: JVNDB-2020-008708 // CNNVD: CNNVD-202007-1423

EXTERNAL IDS

db: NVD // id: CVE-2020-7520

Trust: 2.5

db: SCHNEIDER // id: SEVD-2020-196-01

Trust: 1.7

db: JVNDB // id: JVNDB-2020-008708

Trust: 0.8

db: CNNVD // id: CNNVD-202007-1423

Trust: 0.7

db: VULHUB // id: VHN-185645

Trust: 0.1

sources: VULHUB: VHN-185645 // JVNDB: JVNDB-2020-008708 // CNNVD: CNNVD-202007-1423 // NVD: CVE-2020-7520

REFERENCES

url:https://www.se.com/ww/en/download/document/sevd-2020-196-01/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-7520

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7520

Trust: 0.8

sources: VULHUB: VHN-185645 // JVNDB: JVNDB-2020-008708 // CNNVD: CNNVD-202007-1423 // NVD: CVE-2020-7520

SOURCES

db: VULHUB // id: VHN-185645
db: JVNDB // id: JVNDB-2020-008708
db: CNNVD // id: CNNVD-202007-1423
db: NVD // id: CVE-2020-7520

LAST UPDATE DATE

2024-11-23T23:07:55.007000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-185645 // date: 2020-07-28T00:00:00
db: JVNDB // id: JVNDB-2020-008708 // date: 2020-09-18T00:00:00
db: CNNVD // id: CNNVD-202007-1423 // date: 2020-07-29T00:00:00
db: NVD // id: CVE-2020-7520 // date: 2024-11-21T05:37:18.200

SOURCES RELEASE DATE

db: VULHUB // id: VHN-185645 // date: 2020-07-23T00:00:00
db: JVNDB // id: JVNDB-2020-008708 // date: 2020-09-18T00:00:00
db: CNNVD // id: CNNVD-202007-1423 // date: 2020-07-23T00:00:00
db: NVD // id: CVE-2020-7520 // date: 2020-07-23T21:15:12.550