ID

VAR-202009-1312


CVE

CVE-2020-7529


TITLE

SCADAPack 7x Remote Connect Traversal Vulnerability in Japan

Trust: 0.8

sources: JVNDB: JVNDB-2020-011239

DESCRIPTION

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file. SCADAPack 7x Remote Connect contains a path traversal vulnerability. Information may be tampered with. SCADAPack is an intelligent field controller from the French company Schneider Electric. The controller combines the monitoring and communication capabilities of a remote terminal unit (RTU) with the processing and data recording functions of a programmable logic controller (PLC), and provides remote process monitoring and autonomous control. Attackers can use this vulnerability to access locations outside of the restricted directory.

Trust: 2.16

sources: NVD: CVE-2020-7529 // JVNDB: JVNDB-2020-011239 // CNVD: CNVD-2021-28292

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-28292

AFFECTED PRODUCTS

vendor: schneider electric
model: scadapack 7x remote connect
scope: lte
version: 3.6.3.574

Trust: 1.0

vendor: schneider electric
model: scadapack 7x remote connect
scope: eq
version: -

Trust: 0.8

vendor: schneider electric
model: scadapack 7x remote connect
scope: lte
version: 3.6.3.574 and earlier

Trust: 0.8

vendor: schneider
model: electric scadapack remote connect
scope: eq
version: 7x<=3.6.3.574

Trust: 0.6

sources: CNVD: CNVD-2021-28292 // JVNDB: JVNDB-2020-011239 // NVD: CVE-2020-7529

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-7529
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-7529
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-28292
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2020-7529
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-28292
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2020-7529
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-7529
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-28292 // JVNDB: JVNDB-2020-011239 // NVD: CVE-2020-7529

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011239 // NVD: CVE-2020-7529

PATCH

title: SEVD-2020-252-01 Security Notification
url: https://www.se.com/ww/en/download/document/SEVD-2020-252-01/

Trust: 0.8

title: Patch for SCADAPack 7x Remote Connect path traversal vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/258121

Trust: 0.6

sources: CNVD: CNVD-2021-28292 // JVNDB: JVNDB-2020-011239

EXTERNAL IDS

db: NVD
id: CVE-2020-7529

Trust: 2.4

db: SCHNEIDER
id: SEVD-2020-252-01

Trust: 1.0

db: JVNDB
id: JVNDB-2020-011239

Trust: 0.8

db: CNVD
id: CNVD-2021-28292

Trust: 0.6

sources: CNVD: CNVD-2021-28292 // JVNDB: JVNDB-2020-011239 // NVD: CVE-2020-7529

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2020-7529

Trust: 1.4

url: https://www.se.com/ww/en/download/document/sevd-2020-252-01/

Trust: 1.0

sources: CNVD: CNVD-2021-28292 // JVNDB: JVNDB-2020-011239 // NVD: CVE-2020-7529

SOURCES

db: CNVD
id: CNVD-2021-28292

db: JVNDB
id: JVNDB-2020-011239

db: NVD
id: CVE-2020-7529

LAST UPDATE DATE

2024-11-23T21:51:17.489000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2021-28292
date: 2021-04-15T00:00:00

db: JVNDB
id: JVNDB-2020-011239
date: 2021-03-24T07:40:00

db: NVD
id: CVE-2020-7529
date: 2024-11-21T05:37:19.190

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2021-28292
date: 2021-04-15T00:00:00

db: JVNDB
id: JVNDB-2020-011239
date: 2021-03-24T00:00:00

db: NVD
id: CVE-2020-7529
date: 2020-09-16T16:15:15.310