ID
VAR-202008-1032
CVE
CVE-2020-7523
TITLE
Schneider Electric Modbus Privilege management vulnerability in serial driver
Trust: 0.8
sources:
JVNDB: JVNDB-2020-010515
DESCRIPTION
Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. (DoS) It may be put into a state. Schneider Electric Modbus Serial Driver is a serial driver of French Schneider Electric (Schneider Electric)
Trust: 1.71
sources:
NVD: CVE-2020-7523 //
JVNDB: JVNDB-2020-010515 //
VULHUB: VHN-185648
AFFECTED PRODUCTS
| vendor: | schneider electric | model: | modbus serial driver | scope: | lt | version: | 2.20_ie_30 | Trust: 1.0 |
| vendor: | schneider electric | model: | modbus driver suite | scope: | lt | version: | 14.15.0.0 | Trust: 1.0 |
| vendor: | schneider electric | model: | modbus serial driver | scope: | lt | version: | 3.20_ie_30 | Trust: 1.0 |
| vendor: | schneider electric | model: | modbus driver suite | scope: | - | version: | - | Trust: 0.8 |
| vendor: | schneider electric | model: | modbus serial driver | scope: | - | version: | - | Trust: 0.8 |
sources:
JVNDB: JVNDB-2020-010515 //
NVD: CVE-2020-7523
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULHUB: VHN-185648 //
JVNDB: JVNDB-2020-010515 //
CNNVD: CNNVD-202008-1468 //
NVD: CVE-2020-7523
PROBLEMTYPE DATA
| problemtype: | CWE-269 | Trust: 1.9 |
sources:
VULHUB: VHN-185648 //
JVNDB: JVNDB-2020-010515 //
NVD: CVE-2020-7523
THREAT TYPE
local
Trust: 0.6
sources:
CNNVD: CNNVD-202008-1468
TYPE
other
Trust: 0.6
sources:
CNNVD: CNNVD-202008-1468
CONFIGURATIONS
sources:
JVNDB: JVNDB-2020-010515
PATCH
| title: | SEVD-2020-224-01 | url: | https://www.se.com/ww/en/download/document/SEVD-2020-224-01/ | Trust: 0.8 |
sources:
JVNDB: JVNDB-2020-010515
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-7523 | Trust: 2.5 |
| db: | SCHNEIDER | id: | SEVD-2020-224-01 | Trust: 1.7 |
| db: | JVNDB | id: | JVNDB-2020-010515 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202008-1468 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-185648 | Trust: 0.1 |
sources:
VULHUB: VHN-185648 //
JVNDB: JVNDB-2020-010515 //
CNNVD: CNNVD-202008-1468 //
NVD: CVE-2020-7523
REFERENCES
| url: | https://www.se.com/ww/en/download/document/sevd-2020-224-01/ | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-7523 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7523 | Trust: 0.8 |
sources:
VULHUB: VHN-185648 //
JVNDB: JVNDB-2020-010515 //
CNNVD: CNNVD-202008-1468 //
NVD: CVE-2020-7523
SOURCES
| db: | VULHUB | id: | VHN-185648 |
| db: | JVNDB | id: | JVNDB-2020-010515 |
| db: | CNNVD | id: | CNNVD-202008-1468 |
| db: | NVD | id: | CVE-2020-7523 |
LAST UPDATE DATE
2024-11-23T21:59:03.293000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-185648 | date: | 2021-06-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-010515 | date: | 2021-01-25T09:01:14 |
| db: | CNNVD | id: | CNNVD-202008-1468 | date: | 2021-08-12T00:00:00 |
| db: | NVD | id: | CVE-2020-7523 | date: | 2024-11-21T05:37:18.530 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-185648 | date: | 2020-08-31T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-010515 | date: | 2021-01-25T09:01:14 |
| db: | CNNVD | id: | CNNVD-202008-1468 | date: | 2020-08-31T00:00:00 |
| db: | NVD | id: | CVE-2020-7523 | date: | 2020-08-31T17:15:12.373 |