Vulnerabilities > CVE-2020-7523 - Unspecified vulnerability in Schneider-Electric Modbus Driver Suite and Modbus Serial Driver

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

schneider-electric

NVD

Published: 2020-08-31

Updated: 2024-11-21

Summary

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Modbus Driver Suite - Schneider Electric Modbus Serial Driver -	3

References

https://www.se.com/ww/en/download/document/SEVD-2020-224-01/
https://www.se.com/ww/en/download/document/SEVD-2020-224-01/