{"api_version":"1","generated_at":"2026-04-23T10:40:36+00:00","cve":"CVE-2020-7527","urls":{"html":"https://cve.report/CVE-2020-7527","api":"https://cve.report/api/cve/CVE-2020-7527.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-7527","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-7527"},"summary":{"title":"CVE-2020-7527","description":"Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched.","state":"PUBLIC","assigner":"cybersecurity@schneider-electric.com","published_at":"2020-08-31 17:15:00","updated_at":"2020-09-04 17:56:00"},"problem_types":["CWE-276"],"metrics":[],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-224-07/","name":"https://www.se.com/ww/en/download/document/SEVD-2020-224-07/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Notification - SoMove | Schneider Electric","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-7527","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7527","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"7527","vulnerable":"1","versionEndIncluding":"2.8.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"somove","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-7527","ASSIGNER":"cybersecurity@schneider-electric.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"SoMove V2.8.1 and prior","version":{"version_data":[{"version_value":"SoMove V2.8.1 and prior"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-276: Incorrect Default Permission"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.se.com/ww/en/download/document/SEVD-2020-224-07/","url":"https://www.se.com/ww/en/download/document/SEVD-2020-224-07/"}]},"description":{"description_data":[{"lang":"eng","value":"Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched."}]}},"nvd":{"publishedDate":"2020-08-31 17:15:00","lastModifiedDate":"2020-09-04 17:56:00","problem_types":["CWE-276"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:schneider-electric:somove:*:*:*:*:*:*:*:*","versionEndIncluding":"2.8.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"7527","Ordinal":"167806","Title":"CVE-2020-7527","CVE":"CVE-2020-7527","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"7527","Ordinal":"1","NoteData":"Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"7527","Ordinal":"2","NoteData":"2020-08-31","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"7527","Ordinal":"3","NoteData":"2020-08-31","Type":"Other","Title":"Modified"}]}}}