Improper access control

2020-12-0115:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.1%

JSON

A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.

CPENameOperatorVersion
ecostruxure_energy_experteq2.0
ecostruxure_power_monitoring_experteq9.0
ecostruxure_power_monitoring_experteq8.0
ecostruxure_power_monitoring_experteq7.0
power_managereq1.1
power_managereq1.2
power_managereq1.3
powerscada_expert_with_advanced_reporting_and_dashboardseq8.0
powerscada_operation_with_advanced_reporting_and_dashboardseq9.0

Name	Operator	Version
ecostruxure_energy_expert	eq	2.0
ecostruxure_power_monitoring_expert	eq	9.0
ecostruxure_power_monitoring_expert	eq	8.0
ecostruxure_power_monitoring_expert	eq	7.0
power_manager	eq	1.1
power_manager	eq	1.2
power_manager	eq	1.3
powerscada_expert_with_advanced_reporting_and_dashboards	eq	8.0
powerscada_operation_with_advanced_reporting_and_dashboards	eq	9.0

References

www.se.com/ww/en/download/document/SEVD-2020-287-04/