Sign-up

ID

VAR-202008-1036


CVE

CVE-2020-7527


TITLE

SoMove Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010518

DESCRIPTION

Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched. SoMove There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. SoMove is a PC-oriented user-friendly setting software for setting up a variety of Schneider Electric motor control equipment. SoMove 2.8.1 and earlier versions have permission error vulnerabilities

Trust: 2.34

sources: NVD: CVE-2020-7527 // JVNDB: JVNDB-2020-010518 // CNVD: CNVD-2020-50552 // VULHUB: VHN-185652 // VULMON: CVE-2020-7527

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-50552

AFFECTED PRODUCTS

vendor:schneider electricmodel:somovescope:lteversion:2.8.1

Trust: 1.0

vendor:schneider electricmodel:somovescope:eqversion:2.8.1

Trust: 0.8

vendor:schneidermodel:electric somovescope:lteversion:<=2.8.1

Trust: 0.6

sources: CNVD: CNVD-2020-50552 // JVNDB: JVNDB-2020-010518 // NVD: CVE-2020-7527

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7527
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-010518
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-50552
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202008-1472
value: HIGH

Trust: 0.6

VULHUB: VHN-185652
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-7527
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-7527
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-010518
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-50552
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-185652
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-7527
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010518
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-50552 // VULHUB: VHN-185652 // VULMON: CVE-2020-7527 // JVNDB: JVNDB-2020-010518 // CNNVD: CNNVD-202008-1472 // NVD: CVE-2020-7527

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.9

sources: VULHUB: VHN-185652 // JVNDB: JVNDB-2020-010518 // NVD: CVE-2020-7527

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-1472

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-1472

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-010518

PATCH
title:SEVD-2020-224-07url:https://www.se.com/ww/en/download/document/SEVD-2020-224-07/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-010518

EXTERNAL IDS
db:NVDid:CVE-2020-7527
Trust: 3.2
db:SCHNEIDERid:SEVD-2020-224-07
Trust: 1.8
db:JVNDBid:JVNDB-2020-010518
Trust: 0.8
db:CNVDid:CNVD-2020-50552
Trust: 0.7
db:CNNVDid:CNNVD-202008-1472
Trust: 0.7
db:VULHUBid:VHN-185652
Trust: 0.1
db:VULMONid:CVE-2020-7527
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-50552 // 
            
            
            
            VULHUB: VHN-185652 // 
            
            
            
            VULMON: CVE-2020-7527 // 
            
            
            
            JVNDB: JVNDB-2020-010518 // 
            
            
            
            CNNVD: CNNVD-202008-1472 // 
            
            
            
            NVD: CVE-2020-7527

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-7527
Trust: 2.0
url:https://www.se.com/ww/en/download/document/sevd-2020-224-07/
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7527
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/276.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-50552 // 
            
            
            
            VULHUB: VHN-185652 // 
            
            
            
            VULMON: CVE-2020-7527 // 
            
            
            
            JVNDB: JVNDB-2020-010518 // 
            
            
            
            CNNVD: CNNVD-202008-1472 // 
            
            
            
            NVD: CVE-2020-7527

SOURCES
db:CNVDid:CNVD-2020-50552
db:VULHUBid:VHN-185652
db:VULMONid:CVE-2020-7527
db:JVNDBid:JVNDB-2020-010518
db:CNNVDid:CNNVD-202008-1472
db:NVDid:CVE-2020-7527

LAST UPDATE DATE
2024-11-23T22:40:58.253000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-50552date:2020-09-07T00:00:00
db:VULHUBid:VHN-185652date:2020-09-04T00:00:00
db:VULMONid:CVE-2020-7527date:2020-09-04T00:00:00
db:JVNDBid:JVNDB-2020-010518date:2021-01-25T09:01:19
db:CNNVDid:CNNVD-202008-1472date:2021-01-05T00:00:00
db:NVDid:CVE-2020-7527date:2024-11-21T05:37:18.977

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-50552date:2020-09-07T00:00:00
db:VULHUBid:VHN-185652date:2020-08-31T00:00:00
db:VULMONid:CVE-2020-7527date:2020-08-31T00:00:00
db:JVNDBid:JVNDB-2020-010518date:2021-01-25T09:01:19
db:CNNVDid:CNNVD-202008-1472date:2020-08-31T00:00:00
db:NVDid:CVE-2020-7527date:2020-08-31T17:15:12.703