Vulnerabilities > Schneider Electric > Enterprise Server Installer > 3.1

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-19	CVE-2020-28209	Unquoted Search Path or Element vulnerability in Schneider-Electric Enterprise Server Installer 1.9/3.1 A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. local schneider-electric CWE-428	4.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.