Improper access control

2020-12-0115:15:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.9%

JSON

A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.

CPENameOperatorVersion
ecostruxure_energy_experteq2.0
ecostruxure_power_monitoring_experteq9.0
ecostruxure_power_monitoring_experteq8.0
ecostruxure_power_monitoring_experteq7.0
power_managereq1.1
power_managereq1.2
power_managereq1.3
powerscada_expert_with_advanced_reporting_and_dashboardseq8.0
powerscada_operation_with_advanced_reporting_and_dashboardseq9.0

Name	Operator	Version
ecostruxure_energy_expert	eq	2.0
ecostruxure_power_monitoring_expert	eq	9.0
ecostruxure_power_monitoring_expert	eq	8.0
ecostruxure_power_monitoring_expert	eq	7.0
power_manager	eq	1.1
power_manager	eq	1.2
power_manager	eq	1.3
powerscada_expert_with_advanced_reporting_and_dashboards	eq	8.0
powerscada_operation_with_advanced_reporting_and_dashboards	eq	9.0

References

www.se.com/ww/en/download/document/SEVD-2020-287-04/