Vulnerabilities > CVE-2020-7531 - Unspecified vulnerability in Schneider-Electric Scadapack 7X Remote Connect 3.6.3.574

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

schneider-electric

NVD

Published: 2020-09-16

Updated: 2020-09-21

Summary

A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Scadapack 7X Remote Connect 3.6.3.574	1

References

https://www.se.com/ww/en/download/document/SEVD-2020-252-01/