ID

VAR-202009-1311


CVE

CVE-2020-7528


TITLE

Deserialization of untrusted data vulnerability in SCADAPack 7x Remote Connect

Trust: 0.8

sources: JVNDB: JVNDB-2020-011238

DESCRIPTION

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer. SCADAPack 7x Remote Connect is vulnerable to deserialization of untrusted data. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. SCADAPack 7x RemoteConnect is a software tool for users to monitor, configure, program and debug SCADAPack 470, 474, 570, 574 and 575 intelligent RTUs. SCADAPack 7x Remote Connect 3.6.3.574 and earlier versions have a code issue vulnerability.

Trust: 2.16

sources: NVD: CVE-2020-7528 // JVNDB: JVNDB-2020-011238 // CNVD: CNVD-2021-28291

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-28291

AFFECTED PRODUCTS

vendor: schneider electric
model: scadapack 7x remote connect
scope: lte
version: 3.6.3.574

Trust: 1.0

vendor: schneider electric
model: scadapack 7x remote connect
scope: eq
version: -

Trust: 0.8

vendor: schneider electric
model: scadapack 7x remote connect
scope: lte
version: 3.6.3.574 and earlier

Trust: 0.8

vendor: schneider
model: electric scadapack remote connect
scope: eq
version: 7x<=3.6.3.574

Trust: 0.6

sources: CNVD: CNVD-2021-28291 // JVNDB: JVNDB-2020-011238 // NVD: CVE-2020-7528

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-7528
value: HIGH

Trust: 1.0

NVD: CVE-2020-7528
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-28291
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2020-7528
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-28291
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2020-7528
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-7528
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-28291 // JVNDB: JVNDB-2020-011238 // NVD: CVE-2020-7528

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.0

problemtype:Deserialization of untrusted data (CWE-502) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011238 // NVD: CVE-2020-7528

PATCH

title: SEVD-2020-252-01 Security Notification
url: https://www.se.com/ww/en/download/document/SEVD-2020-252-01/

Trust: 0.8

title: Patch for SCADAPack 7x Remote Connect code issue vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/258116

Trust: 0.6

sources: CNVD: CNVD-2021-28291 // JVNDB: JVNDB-2020-011238

EXTERNAL IDS

db: NVD, id: CVE-2020-7528

Trust: 2.4

db: SCHNEIDER, id: SEVD-2020-252-01

Trust: 1.0

db: JVNDB, id: JVNDB-2020-011238

Trust: 0.8

db: CNVD, id: CNVD-2021-28291

Trust: 0.6

sources: CNVD: CNVD-2021-28291 // JVNDB: JVNDB-2020-011238 // NVD: CVE-2020-7528

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-7528

Trust: 1.4

url:https://www.se.com/ww/en/download/document/sevd-2020-252-01/

Trust: 1.0

sources: CNVD: CNVD-2021-28291 // JVNDB: JVNDB-2020-011238 // NVD: CVE-2020-7528

SOURCES

db: CNVD, id: CNVD-2021-28291
db: JVNDB, id: JVNDB-2020-011238
db: NVD, id: CVE-2020-7528

LAST UPDATE DATE

2024-11-23T21:51:17.539000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-28291, date: 2021-04-15T00:00:00
db: JVNDB, id: JVNDB-2020-011238, date: 2021-03-24T07:40:00
db: NVD, id: CVE-2020-7528, date: 2024-11-21T05:37:19.080

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-28291, date: 2021-04-15T00:00:00
db: JVNDB, id: JVNDB-2020-011238, date: 2021-03-24T00:00:00
db: NVD, id: CVE-2020-7528, date: 2020-09-16T16:15:15.217