exploitDog

CVE-2020-7528

Опубликовано: 16 сент. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer.

Ссылки

https://www.se.com/ww/en/download/document/SEVD-2020-252-01/
Vendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2020-252-01/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:schneider-electric:scadapack_7x_remote_connect:*:*:*:*:*:*:*:*

Версия до 3.6.3.574 (включая)

EPSS

Процентиль: 61%

0.00407

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-hqx3-2rj3-qx6v

github

больше 3 лет назад

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer.

EPSS

Процентиль: 61%

0.00407

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-502