Sign-up

ID

VAR-202008-1031


CVE

CVE-2020-7522


TITLE

Schneider Electric Made APC Easy UPS On-Line Software Path Traversal Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-007431

DESCRIPTION

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories. * Past traversal (CWE-22) - CVE-2020-7521 , CVE-2020-7522By a remote third party, " FileUploadServlet , " SoundUploadServlet Accessed the method and uploaded the executable file to an unspecified directory - CVE-2020-7521 , CVE-2020-7522. Authentication is not required to exploit this vulnerability.The specific flaw exists within the SoundUploadServlet class. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Remote attackers can use this vulnerability to submit special requests and upload any files to any directory

Trust: 2.79

sources: NVD: CVE-2020-7522 // JVNDB: JVNDB-2020-007431 // ZDI: ZDI-20-1007 // CNVD: CNVD-2020-46796

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-46796

AFFECTED PRODUCTS

vendor:schneider electricmodel:apc easy ups online softwarescope:lteversion:2.0

Trust: 1.0

vendor:schneider electricmodel:apc easy ups on-line software sfapv9601scope:eqversion:v2.0

Trust: 0.8

vendor:schneider electricmodel:apc easy ups onlinescope: - version: -

Trust: 0.7

vendor:schneidermodel:electric apc easy ups on-linescope:lteversion:<=2.0

Trust: 0.6

sources: ZDI: ZDI-20-1007 // CNVD: CNVD-2020-46796 // JVNDB: JVNDB-2020-007431 // NVD: CVE-2020-7522

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7522
value: CRITICAL

Trust: 1.0

IPA: JVNDB-2020-007431
value: CRITICAL

Trust: 0.8

ZDI: CVE-2020-7522
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2020-46796
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202008-594
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-7522
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-46796
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7522
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-007431
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-7522
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-1007 // CNVD: CNVD-2020-46796 // JVNDB: JVNDB-2020-007431 // CNNVD: CNNVD-202008-594 // NVD: CVE-2020-7522

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

sources: NVD: CVE-2020-7522

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-594

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202008-594

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007431

PATCH
title:Schneider Electric Security Notificationurl:https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-224-04_APC_Easy_UPS_On-Line_Software_Security_Notification.pdf
Trust: 0.8
title:Schneider Electric has issued an update to correct this vulnerability.url:https://us-cert.cisa.gov/ics/advisories/icsa-20-224-02
Trust: 0.7
title:Patch for Schneider Electric APC Easy UPS On-Line SoundUploadServlet path traversal vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/231088
Trust: 0.6
title:Schneider Electric APC Easy UPS On-Line Software Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126633
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-1007 // 
            
            
            
            CNVD: CNVD-2020-46796 // 
            
            
            
            JVNDB: JVNDB-2020-007431 // 
            
            
            
            CNNVD: CNNVD-202008-594

EXTERNAL IDS
db:NVDid:CVE-2020-7522
Trust: 3.7
db:ICS CERTid:ICSA-20-224-02
Trust: 2.0
db:SCHNEIDERid:SEVD-2020-224-04
Trust: 1.6
db:ZDIid:ZDI-20-1007
Trust: 1.3
db:JVNid:JVNVU90099158
Trust: 0.8
db:JVNDBid:JVNDB-2020-007431
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-10605
Trust: 0.7
db:CNVDid:CNVD-2020-46796
Trust: 0.6
db:AUSCERTid:ESB-2020.2761
Trust: 0.6
db:CNNVDid:CNNVD-202008-594
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-1007 // 
            
            
            
            CNVD: CNVD-2020-46796 // 
            
            
            
            JVNDB: JVNDB-2020-007431 // 
            
            
            
            CNNVD: CNNVD-202008-594 // 
            
            
            
            NVD: CVE-2020-7522

REFERENCES
url:https://us-cert.cisa.gov/ics/advisories/icsa-20-224-02
Trust: 2.7
url:https://www.se.com/ww/en/download/document/sevd-2020-224-04/
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7521
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7522
Trust: 0.8
url:http://jvn.jp/cert/jvnvu90099158
Trust: 0.8
url:https://www.zerodayinitiative.com/advisories/zdi-20-1007/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2761/
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-7522
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-1007 // 
            
            
            
            CNVD: CNVD-2020-46796 // 
            
            
            
            JVNDB: JVNDB-2020-007431 // 
            
            
            
            CNNVD: CNNVD-202008-594 // 
            
            
            
            NVD: CVE-2020-7522

CREDITS
rgod
Trust: 0.7
sources:
            
            
            ZDI: ZDI-20-1007

SOURCES
db:ZDIid:ZDI-20-1007
db:CNVDid:CNVD-2020-46796
db:JVNDBid:JVNDB-2020-007431
db:CNNVDid:CNNVD-202008-594
db:NVDid:CVE-2020-7522

LAST UPDATE DATE
2024-11-23T21:51:23.394000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-20-1007date:2020-08-17T00:00:00
db:CNVDid:CNVD-2020-46796date:2020-08-19T00:00:00
db:JVNDBid:JVNDB-2020-007431date:2020-08-13T00:00:00
db:CNNVDid:CNNVD-202008-594date:2021-01-05T00:00:00
db:NVDid:CVE-2020-7522date:2024-11-21T05:37:18.423

SOURCES RELEASE DATE
db:ZDIid:ZDI-20-1007date:2020-08-17T00:00:00
db:CNVDid:CNVD-2020-46796date:2020-08-19T00:00:00
db:JVNDBid:JVNDB-2020-007431date:2020-08-13T00:00:00
db:CNNVDid:CNNVD-202008-594date:2020-08-11T00:00:00
db:NVDid:CVE-2020-7522date:2020-08-31T17:15:12.297