CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7545

A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.2%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

Products affected by CVE-2020-7545

Schneider-Electric » Ecostruxure Energy Expert » Version: 2.0

cpe:2.3:a:schneider-electric:ecostruxure_energy_expert:2.0
Schneider-Electric » Ecostruxure Power Monitoring Expert » Version: 7.0

cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:7.0
Schneider-Electric » Ecostruxure Power Monitoring Expert » Version: 8.0

cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:8.0
Schneider-Electric » Ecostruxure Power Monitoring Expert » Version: 9.0

cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:9.0
Schneider-Electric » Power Manager » Version: 1.1

cpe:2.3:a:schneider-electric:power_manager:1.1
Schneider-Electric » Power Manager » Version: 1.2

cpe:2.3:a:schneider-electric:power_manager:1.2
Schneider-Electric » Power Manager » Version: 1.3

cpe:2.3:a:schneider-electric:power_manager:1.3
Schneider-Electric » Powerscada Expert With Advanced Reporting And Dashboards » Version: 8.0

cpe:2.3:a:schneider-electric:powerscada_expert_with_advanced_reporting_and_dashboards:8.0
Schneider-Electric » Powerscada Operation With Advanced Reporting And Dashboards » Version: 9.0

cpe:2.3:a:schneider-electric:powerscada_operation_with_advanced_reporting_and_dashboards:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7545

Products

Pricing

Contact Us