CVE-2020-7523
Summary
| CVE | CVE-2020-7523 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-08-31 17:15:00 UTC |
| Updated | 2021-06-04 14:16:00 UTC |
| Description | Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Schneider-electric | Modbus Driver Suite | All | All | All | All |
| Application | Schneider-electric | Modbus Serial Driver | All | All | All | All |
| Application | Schneider-electric | Modbus Serial Driver | All | All | All | All |
| Application | Schneider Electric | Modbus Driver Suite | All | All | All | All |
| Application | Schneider Electric | Modbus Driver Suite | All | All | All | All |
| Application | Schneider Electric | Modbus Serial Driver | All | All | All | All |
| Application | Schneider Electric | Modbus Serial Driver | All | All | All | All |
| Application | Schneider Electric | Modbus Serial Driver | All | All | All | All |
| Application | Schneider Electric | Modbus Serial Driver | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Notification - Schneider Electric Modbus Serial Driver V1.1 | Schneider Electric | MISC | www.se.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.