CVE-2020-7520 Vulnerability Details

  /     /     /  

CVE-2020-7520 Metadata Quick Info

CVE Published: 23/07/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: schneider | Vendor: n/a | Product: Schneider Electric Software Update (SESU) V2.4.0 and prior.
Status : PUBLISHED

CVE-2020-7520 Description

A CWE-601: URL Redirection to Untrusted Site (\'Open Redirect\') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim\'s machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker\'s possession. A man-in-the-middle attack is then used to complete the exploit.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-601
CWE Name: CWE-601: URL Redirection to Untrusted Site ( Open Redirect )
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2020-7520 Vulnerability Details