CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-7478

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.018

EPSS Ranking 82.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://www.se.com/ww/en/download/document/SEVD-2020-070-01/
https://www.zerodayinitiative.com/advisories/ZDI-20-371/
https://www.se.com/ww/en/download/document/SEVD-2020-070-01/
https://www.zerodayinitiative.com/advisories/ZDI-20-371/

Products affected by CVE-2020-7478

Schneider-Electric » Interactive Graphical Scada System » Version: 14.0

cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:14.0
Schneider-Electric » Interactive Graphical Scada System » Version: 14.0.0.19120

cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:14.0.0.19120

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7478

Products

Pricing

Contact Us