Vulnerabilities > CVE-2020-7532 - Deserialization of Untrusted Data vulnerability in Schneider-Electric Scadapack X70 Security Administrator 1.2.0

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

schneider-electric

CWE-502

NVD

Published: 2020-09-16

Updated: 2020-09-21

Summary

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Scadapack X70 Security Administrator 1.2.0	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://www.se.com/ww/en/download/document/SEVD-2020-252-01/