VAR-202009-1313
Vulnerability from variot - Updated: 2024-11-23 21:51

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders. SCADAPack is an intelligent field controller from the French vendor Schneider Electric. The controller combines the monitoring and communication capabilities of a remote terminal unit (RTU) with the processing and data-recording functions of a programmable logic controller (PLC), providing remote process monitoring and autonomous control. An attacker can exploit this vulnerability to gain unauthorized access to those folders. The record below carries the NVD CVSS v3.1 score of 8.8 (HIGH; network vector, low privileges required, no user interaction) and lists the vendor notification SEVD-2020-252-01 as the remediation reference.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-1313",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapack 7x remote connect",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.6.3.574"
},
{
"model": "scadapack 7x remote connect",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "scadapack 7x remote connect",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "3.6.3.574 and earlier"
},
{
"model": "electric scadapack remote connect",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "7x\u003c=3.6.3.574"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28293"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011240"
},
{
"db": "NVD",
"id": "CVE-2020-7530"
}
]
},
"cve": "CVE-2020-7530",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2020-7530",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2021-28293",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-7530",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-7530",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7530",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-7530",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-28293",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-999",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-7530",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28293"
},
{
"db": "VULMON",
"id": "CVE-2020-7530"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011240"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-999"
},
{
"db": "NVD",
"id": "CVE-2020-7530"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders. SCADAPack is an intelligent field controller of French Schneider-electric. The controller combines the monitoring and communication capabilities of remote terminal control (RTU), the processing and data recording functions of programmable logic controllers (PLC). Remote process monitoring and autonomous control provide excellent functions. An attacker can use this vulnerability to gain incorrect access to the folder",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7530"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011240"
},
{
"db": "CNVD",
"id": "CNVD-2021-28293"
},
{
"db": "VULMON",
"id": "CVE-2020-7530"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7530",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2020-252-01",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011240",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-28293",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-999",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-7530",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28293"
},
{
"db": "VULMON",
"id": "CVE-2020-7530"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011240"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-999"
},
{
"db": "NVD",
"id": "CVE-2020-7530"
}
]
},
"id": "VAR-202009-1313",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28293"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28293"
}
]
},
"last_update_date": "2024-11-23T21:51:17.511000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2020-252-01 Security\u00a0Notification",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-252-01/"
},
{
"title": "Patch for SCADAPack Remote Connect authorization issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/258126"
},
{
"title": "SCADAPack Remote Connect Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128744"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28293"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011240"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-999"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-285",
"trust": 1.0
},
{
"problemtype": "Inappropriate authorization (CWE-285) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011240"
},
{
"db": "NVD",
"id": "CVE-2020-7530"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7530"
},
{
"trust": 1.7,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-252-01/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-7530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28293"
},
{
"db": "VULMON",
"id": "CVE-2020-7530"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011240"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-999"
},
{
"db": "NVD",
"id": "CVE-2020-7530"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-28293"
},
{
"db": "VULMON",
"id": "CVE-2020-7530"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011240"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-999"
},
{
"db": "NVD",
"id": "CVE-2020-7530"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-28293"
},
{
"date": "2020-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-7530"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011240"
},
{
"date": "2020-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-999"
},
{
"date": "2020-09-16T16:15:15.420000",
"db": "NVD",
"id": "CVE-2020-7530"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-28293"
},
{
"date": "2022-09-03T00:00:00",
"db": "VULMON",
"id": "CVE-2020-7530"
},
{
"date": "2021-03-24T07:40:00",
"db": "JVNDB",
"id": "JVNDB-2020-011240"
},
{
"date": "2022-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-999"
},
{
"date": "2024-11-21T05:37:19.293000",
"db": "NVD",
"id": "CVE-2020-7530"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-999"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SCADAPack\u00a07x\u00a0Remote\u00a0Connect\u00a0 Authorization vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011240"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-999"
}
],
"trust": 0.6
}
}