Description
Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.se.com/ww/en/download/document/SEVD-2020-224-07/
Scores
CVSS v3
7.8
EPSS
0.0012
EPSS Percentile
30.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-276
Status
published
Products (1)
schneider-electric/somove
< 2.8.1
Published
Aug 31, 2020
Tracked Since
Feb 18, 2026