VAR-202009-1311
Vulnerability from variot - Updated: 2024-11-23 21:51A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer. SCADAPack 7x Remote Connect Is vulnerable to an untrusted data deserialization.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SCADAPack 7x RemoteConnect is a software tool for users to monitor, configure, program and debug SCADAPack 470, 474, 570, 574, 575 intelligent RTU.
SCADAPack 7x Remote Connect 3.6.3.574 and earlier versions have code issue vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-1311",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapack 7x remote connect",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.6.3.574"
},
{
"model": "scadapack 7x remote connect",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "scadapack 7x remote connect",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.6.3.574 and earlier"
},
{
"model": "electric scadapack remote connect",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "7x\u003c=3.6.3.574"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28291"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011238"
},
{
"db": "NVD",
"id": "CVE-2020-7528"
}
]
},
"cve": "CVE-2020-7528",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-7528",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-28291",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-7528",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-7528",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7528",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-7528",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-28291",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28291"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011238"
},
{
"db": "NVD",
"id": "CVE-2020-7528"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer. SCADAPack 7x Remote Connect Is vulnerable to an untrusted data deserialization.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SCADAPack 7x RemoteConnect is a software tool for users to monitor, configure, program and debug SCADAPack 470, 474, 570, 574, 575 intelligent RTU. \n\r\n\r\nSCADAPack 7x Remote Connect 3.6.3.574 and earlier versions have code issue vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7528"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011238"
},
{
"db": "CNVD",
"id": "CNVD-2021-28291"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7528",
"trust": 2.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2020-252-01",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011238",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-28291",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28291"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011238"
},
{
"db": "NVD",
"id": "CVE-2020-7528"
}
]
},
"id": "VAR-202009-1311",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28291"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28291"
}
]
},
"last_update_date": "2024-11-23T21:51:17.539000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2020-252-01 Security\u00a0Notification",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-252-01/"
},
{
"title": "Patch for SCADAPack 7x Remote Connect code issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/258116"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28291"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011238"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.0
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011238"
},
{
"db": "NVD",
"id": "CVE-2020-7528"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7528"
},
{
"trust": 1.0,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-252-01/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28291"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011238"
},
{
"db": "NVD",
"id": "CVE-2020-7528"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-28291"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011238"
},
{
"db": "NVD",
"id": "CVE-2020-7528"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-28291"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011238"
},
{
"date": "2020-09-16T16:15:15.217000",
"db": "NVD",
"id": "CVE-2020-7528"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-28291"
},
{
"date": "2021-03-24T07:40:00",
"db": "JVNDB",
"id": "JVNDB-2020-011238"
},
{
"date": "2024-11-21T05:37:19.080000",
"db": "NVD",
"id": "CVE-2020-7528"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SCADAPack\u00a07x\u00a0Remote\u00a0Connect\u00a0 Unreliable Data Deserialization Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011238"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…