CVE-2020-7547
HIGHEcoStruxure and SmartStruxure Power Monitoring and SCADA Software - Improper Access Control via Web Interface
Title source: llmDescription
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.se.com/ww/en/download/document/SEVD-2020-287-04/
Scores
CVSS v3
8.8
EPSS
0.0034
EPSS Percentile
56.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (9)
schneider-electric/ecostruxure_energy_expert
2.0
schneider-electric/ecostruxure_power_monitoring_expert
7.0
schneider-electric/ecostruxure_power_monitoring_expert
8.0
schneider-electric/ecostruxure_power_monitoring_expert
9.0
schneider-electric/power_manager
1.1
schneider-electric/power_manager
1.2
schneider-electric/power_manager
1.3
schneider-electric/powerscada_expert_with_advanced_reporting_and_dashboards
8.0
schneider-electric/powerscada_operation_with_advanced_reporting_and_dashboards
9.0
Published
Dec 01, 2020
Tracked Since
Feb 18, 2026