CVE-2020-7523
HIGHSchneider Electric Modbus Serial Driver - Local Privilege Escalation via Service Invocation
Title source: llmDescription
Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.se.com/ww/en/download/document/SEVD-2020-224-01/
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
13.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (3)
schneider-electric/modbus_driver_suite
< 14.15.0.0
schneider-electric/modbus_serial_driver
< 2.20_ie_30
schneider-electric/modbus_serial_driver
< 3.20_ie_30
Published
Aug 31, 2020
Tracked Since
Feb 18, 2026