ID

VAR-202011-1288


CVE

CVE-2020-7552


TITLE

Schneider Electric Made Interactive Graphical SCADA System Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009593

DESCRIPTION

A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. Interactive Graphical SCADA System (IGSS) Is Schneider Electric Software for monitoring and controlling control systems provided by the company. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Interactive Graphical SCADA System has a buffer overflow vulnerability. No detailed vulnerability details are currently provided

Trust: 2.88

sources: NVD: CVE-2020-7552 // JVNDB: JVNDB-2020-009593 // ZDI: ZDI-21-125 // CNVD: CNVD-2020-67319 // VULHUB: VHN-185677

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-67319

AFFECTED PRODUCTS

vendor:schneider electricmodel:interactive graphical scada systemscope:lteversion:14.0.0.20247

Trust: 1.0

vendor:schneider electricmodel:interactive graphical scada systemscope:eqversion:version 14.0.0.20247

Trust: 0.8

vendor:schneider electricmodel:igssscope: - version: -

Trust: 0.7

vendor:schneidermodel:electric interactive graphical scada systemscope: - version: -

Trust: 0.6

sources: ZDI: ZDI-21-125 // CNVD: CNVD-2020-67319 // JVNDB: JVNDB-2020-009593 // NVD: CVE-2020-7552

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2020-009593
value: HIGH

Trust: 7.2

nvd@nist.gov: CVE-2020-7552
value: HIGH

Trust: 1.0

ZDI: CVE-2020-7552
value: HIGH

Trust: 0.7

CNVD: CNVD-2020-67319
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202011-1562
value: HIGH

Trust: 0.6

VULHUB: VHN-185677
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-7552
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-67319
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-185677
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

IPA score: JVNDB-2020-009593
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 7.2

nvd@nist.gov: CVE-2020-7552
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2020-7552
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-125 // CNVD: CNVD-2020-67319 // VULHUB: VHN-185677 // JVNDB: JVNDB-2020-009593 // JVNDB: JVNDB-2020-009593 // JVNDB: JVNDB-2020-009593 // JVNDB: JVNDB-2020-009593 // JVNDB: JVNDB-2020-009593 // JVNDB: JVNDB-2020-009593 // JVNDB: JVNDB-2020-009593 // JVNDB: JVNDB-2020-009593 // JVNDB: JVNDB-2020-009593 // CNNVD: CNNVD-202011-1562 // NVD: CVE-2020-7552

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

problemtype:CWE-119

Trust: 0.9

problemtype:CWE-125

Trust: 0.8

sources: VULHUB: VHN-185677 // JVNDB: JVNDB-2020-009593 // NVD: CVE-2020-7552

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-1562

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202011-1562

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009593

PATCH

title:Security Notification - Interactive Graphical SCADA System (IGSS)url:https://www.se.com/ww/en/download/document/SEVD-2020-315-03

Trust: 0.8

title:IGSS Licensed Versionsurl:https://igss.schneider-electric.com/licensed-versions

Trust: 0.8

title:Schneider Electric has issued an update to correct this vulnerability.url:https://www.se.com/ww/en/download/document/SEVD-2020-315-03/

Trust: 0.7

title:Patch for Schneider Electric Interactive Graphical SCADA System buffer overflow vulnerability (CNVD-2020-67319)url:https://www.cnvd.org.cn/patchInfo/show/241399

Trust: 0.6

title:Schneider Electric Interactive Graphical SCADA System Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135153

Trust: 0.6

sources: ZDI: ZDI-21-125 // CNVD: CNVD-2020-67319 // JVNDB: JVNDB-2020-009593 // CNNVD: CNNVD-202011-1562

EXTERNAL IDS

db:NVDid:CVE-2020-7552

Trust: 3.8

db:SCHNEIDERid:SEVD-2020-315-03

Trust: 2.3

db:ICS CERTid:ICSA-20-324-04

Trust: 1.4

db:ZDIid:ZDI-21-125

Trust: 1.3

db:JVNid:JVNVU99979220

Trust: 0.8

db:JVNDBid:JVNDB-2020-009593

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-11269

Trust: 0.7

db:CNVDid:CNVD-2020-67319

Trust: 0.7

db:CNNVDid:CNNVD-202011-1562

Trust: 0.7

db:AUSCERTid:ESB-2020.4088

Trust: 0.6

db:VULHUBid:VHN-185677

Trust: 0.1

sources: ZDI: ZDI-21-125 // CNVD: CNVD-2020-67319 // VULHUB: VHN-185677 // JVNDB: JVNDB-2020-009593 // CNNVD: CNNVD-202011-1562 // NVD: CVE-2020-7552

REFERENCES

url:https://www.se.com/ww/en/download/document/sevd-2020-315-03/

Trust: 3.0

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-324-04

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7550

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7558

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7551

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7552

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7553

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7554

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7555

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7556

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7557

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99979220

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-125/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-7552

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4088/

Trust: 0.6

sources: ZDI: ZDI-21-125 // CNVD: CNVD-2020-67319 // VULHUB: VHN-185677 // JVNDB: JVNDB-2020-009593 // CNNVD: CNNVD-202011-1562 // NVD: CVE-2020-7552

CREDITS

kimiya

Trust: 0.7

sources: ZDI: ZDI-21-125

SOURCES

db:ZDIid:ZDI-21-125
db:CNVDid:CNVD-2020-67319
db:VULHUBid:VHN-185677
db:JVNDBid:JVNDB-2020-009593
db:CNNVDid:CNNVD-202011-1562
db:NVDid:CVE-2020-7552

LAST UPDATE DATE

2024-11-23T21:35:03.725000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-125date:2021-02-01T00:00:00
db:CNVDid:CNVD-2020-67319date:2020-11-27T00:00:00
db:VULHUBid:VHN-185677date:2022-01-01T00:00:00
db:JVNDBid:JVNDB-2020-009593date:2020-11-19T08:46:47
db:CNNVDid:CNNVD-202011-1562date:2021-04-20T00:00:00
db:NVDid:CVE-2020-7552date:2024-11-21T05:37:22.017

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-125date:2021-02-01T00:00:00
db:CNVDid:CNVD-2020-67319date:2020-11-27T00:00:00
db:VULHUBid:VHN-185677date:2020-11-19T00:00:00
db:JVNDBid:JVNDB-2020-009593date:2020-11-19T08:46:47
db:CNNVDid:CNNVD-202011-1562date:2020-11-17T00:00:00
db:NVDid:CVE-2020-7552date:2020-11-19T22:15:14.303