ID

VAR-202009-1314


CVE

CVE-2020-7531


TITLE

Vulnerability in SCADAPack 7x Remote Connect

Trust: 0.8

sources: JVNDB: JVNDB-2020-011241

DESCRIPTION

A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user. SCADAPack 7x Remote Connect contains an unspecified vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. SCADAPack is an intelligent field controller from the French company Schneider Electric. The controller combines the monitoring and communication capabilities of a remote terminal unit (RTU) with the processing and data recording functions of programmable logic controllers (PLC). Remote process monitoring and autonomous control provide excellent functions.

Trust: 2.25

sources: NVD: CVE-2020-7531 // JVNDB: JVNDB-2020-011241 // CNVD: CNVD-2021-28294 // VULMON: CVE-2020-7531

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-28294

AFFECTED PRODUCTS

vendor: schneider electric, model: scadapack 7x remote connect, scope: lte, version: 3.6.3.574

Trust: 1.0

vendor: schneider electric, model: scadapack 7x remote connect, scope: eq, version: -

Trust: 0.8

vendor: schneider electric, model: scadapack 7x remote connect, scope: lte, version: 3.6.3.574 and earlier

Trust: 0.8

vendor: schneider, model: electric scadapack remote connect, scope: eq, version: 7x<=3.6.3.574

Trust: 0.6

sources: CNVD: CNVD-2021-28294 // JVNDB: JVNDB-2020-011241 // NVD: CVE-2020-7531

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7531
value: HIGH

Trust: 1.0

NVD: CVE-2020-7531
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-28294
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202009-1000
value: HIGH

Trust: 0.6

VULMON: CVE-2020-7531
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-7531
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-28294
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7531
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-7531
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-28294 // VULMON: CVE-2020-7531 // JVNDB: JVNDB-2020-011241 // CNNVD: CNNVD-202009-1000 // NVD: CVE-2020-7531

PROBLEMTYPE DATA

problemtype: CWE-284

Trust: 1.0

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011241 // NVD: CVE-2020-7531

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-1000

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202009-1000

PATCH

title: SEVD-2020-252-01 Security Notification, url: https://www.se.com/ww/en/download/document/SEVD-2020-252-01/

Trust: 0.8

title: Patch for SCADAPack 7x Remote Connect Improper Access Control Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/258131

Trust: 0.6

title: Schneider SCADAPack Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128745

Trust: 0.6

sources: CNVD: CNVD-2021-28294 // JVNDB: JVNDB-2020-011241 // CNNVD: CNNVD-202009-1000

EXTERNAL IDS

db: NVD, id: CVE-2020-7531

Trust: 3.1

db: SCHNEIDER, id: SEVD-2020-252-01

Trust: 1.7

db: JVNDB, id: JVNDB-2020-011241

Trust: 0.8

db: CNVD, id: CNVD-2021-28294

Trust: 0.6

db: CNNVD, id: CNNVD-202009-1000

Trust: 0.6

db: VULMON, id: CVE-2020-7531

Trust: 0.1

sources: CNVD: CNVD-2021-28294 // VULMON: CVE-2020-7531 // JVNDB: JVNDB-2020-011241 // CNNVD: CNNVD-202009-1000 // NVD: CVE-2020-7531

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2020-7531

Trust: 2.0

url: https://www.se.com/ww/en/download/document/sevd-2020-252-01/

Trust: 1.7

url: https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-28294 // VULMON: CVE-2020-7531 // JVNDB: JVNDB-2020-011241 // CNNVD: CNNVD-202009-1000 // NVD: CVE-2020-7531

SOURCES

db: CNVD, id: CNVD-2021-28294
db: VULMON, id: CVE-2020-7531
db: JVNDB, id: JVNDB-2020-011241
db: CNNVD, id: CNNVD-202009-1000
db: NVD, id: CVE-2020-7531

LAST UPDATE DATE

2024-11-23T21:51:17.562000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-28294, date: 2021-04-15T00:00:00
db: VULMON, id: CVE-2020-7531, date: 2020-09-21T00:00:00
db: JVNDB, id: JVNDB-2020-011241, date: 2021-03-24T07:40:00
db: CNNVD, id: CNNVD-202009-1000, date: 2022-03-08T00:00:00
db: NVD, id: CVE-2020-7531, date: 2024-11-21T05:37:19.403

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-28294, date: 2021-04-15T00:00:00
db: VULMON, id: CVE-2020-7531, date: 2020-09-16T00:00:00
db: JVNDB, id: JVNDB-2020-011241, date: 2021-03-24T00:00:00
db: CNNVD, id: CNNVD-202009-1000, date: 2020-09-16T00:00:00
db: NVD, id: CVE-2020-7531, date: 2020-09-16T16:15:15.497