Details of VAR-202009-1313

ID

VAR-202009-1313

CVE

CVE-2020-7530

TITLE

SCADAPack 7x Remote Connect Authorization vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-011240

DESCRIPTION

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders. SCADAPack is an intelligent field controller of French Schneider-electric. The controller combines the monitoring and communication capabilities of remote terminal control (RTU), the processing and data recording functions of programmable logic controllers (PLC). Remote process monitoring and autonomous control provide excellent functions. An attacker can use this vulnerability to gain incorrect access to the folder

Trust: 2.25

sources: NVD: CVE-2020-7530 // JVNDB: JVNDB-2020-011240 // CNVD: CNVD-2021-28293 // VULMON: CVE-2020-7530

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-28293

AFFECTED PRODUCTS

vendor:	schneider electric	model:	scadapack 7x remote connect	scope:	lte	version:	3.6.3.574	Trust: 1.0
vendor:	schneider electric	model:	scadapack 7x remote connect	scope:	eq	version:	-	Trust: 0.8
vendor:	schneider electric	model:	scadapack 7x remote connect	scope:	lte	version:	3.6.3.574 and earlier	Trust: 0.8
vendor:	schneider	model:	electric scadapack remote connect	scope:	eq	version:	7x<=3.6.3.574	Trust: 0.6

sources: CNVD: CNVD-2021-28293 // JVNDB: JVNDB-2020-011240 // NVD: CVE-2020-7530

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7530
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-7530
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-28293
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202009-999
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-7530
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-7530
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-28293
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-7530
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-7530
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-28293 // VULMON: CVE-2020-7530 // JVNDB: JVNDB-2020-011240 // CNNVD: CNNVD-202009-999 // NVD: CVE-2020-7530

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-285	Trust: 1.0
problemtype:	Inappropriate authorization (CWE-285) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-011240 // NVD: CVE-2020-7530

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-999

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-999

PATCH

title:	SEVD-2020-252-01 Security Notification	url:	https://www.se.com/ww/en/download/document/SEVD-2020-252-01/	Trust: 0.8
title:	Patch for SCADAPack Remote Connect authorization issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/258126	Trust: 0.6
title:	SCADAPack Remote Connect Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128744	Trust: 0.6

sources: CNVD: CNVD-2021-28293 // JVNDB: JVNDB-2020-011240 // CNNVD: CNNVD-202009-999

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7530	Trust: 3.1
db:	SCHNEIDER	id:	SEVD-2020-252-01	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-011240	Trust: 0.8
db:	CNVD	id:	CNVD-2021-28293	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-999	Trust: 0.6
db:	VULMON	id:	CVE-2020-7530	Trust: 0.1

sources: CNVD: CNVD-2021-28293 // VULMON: CVE-2020-7530 // JVNDB: JVNDB-2020-011240 // CNNVD: CNNVD-202009-999 // NVD: CVE-2020-7530

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-7530	Trust: 2.0
url:	https://www.se.com/ww/en/download/document/sevd-2020-252-01/	Trust: 1.7
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2020-7530	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-28293 // VULMON: CVE-2020-7530 // JVNDB: JVNDB-2020-011240 // CNNVD: CNNVD-202009-999 // NVD: CVE-2020-7530

SOURCES

db:	CNVD	id:	CNVD-2021-28293
db:	VULMON	id:	CVE-2020-7530
db:	JVNDB	id:	JVNDB-2020-011240
db:	CNNVD	id:	CNNVD-202009-999
db:	NVD	id:	CVE-2020-7530

LAST UPDATE DATE

2024-11-23T21:51:17.511000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-28293	date:	2021-04-15T00:00:00
db:	VULMON	id:	CVE-2020-7530	date:	2022-09-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-011240	date:	2021-03-24T07:40:00
db:	CNNVD	id:	CNNVD-202009-999	date:	2022-09-05T00:00:00
db:	NVD	id:	CVE-2020-7530	date:	2024-11-21T05:37:19.293

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-28293	date:	2021-04-15T00:00:00
db:	VULMON	id:	CVE-2020-7530	date:	2020-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-011240	date:	2021-03-24T00:00:00
db:	CNNVD	id:	CNNVD-202009-999	date:	2020-09-16T00:00:00
db:	NVD	id:	CVE-2020-7530	date:	2020-09-16T16:15:15.420