CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-7479

A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 36.2%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 4.6

References

https://www.se.com/ww/en/download/document/SEVD-2020-070-01/
https://www.zerodayinitiative.com/advisories/ZDI-20-370/
https://www.se.com/ww/en/download/document/SEVD-2020-070-01/
https://www.zerodayinitiative.com/advisories/ZDI-20-370/

Products affected by CVE-2020-7479

Schneider-Electric » Interactive Graphical Scada System » Version: 14.0

cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:14.0
Schneider-Electric » Interactive Graphical Scada System » Version: 14.0.0.19120

cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:14.0.0.19120

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7479

Products

Pricing

Contact Us