CVE-2020-7573 - Vulnerability Details - OpenCVE

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Webreports

Configuration 1 [-]

cpe:2.3:a:schneider-electric:webreports:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.spirityenterprise.com/pentest
https://www.spirityenterprise.com/managed-detection-response
https://www.se.com/ww/en/download/document/SEVD-2020-315-04/

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2020-11-19T21:02:45.000Z

Updated: 2024-08-04T09:33:19.573Z

Reserved: 2020-01-21T00:00:00.000Z

Link: CVE-2020-7573

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-11-19T22:15:15.520

Modified: 2024-11-21T05:37:24.130

Link: CVE-2020-7573

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "EcoStruxure Building Operation WebReports V1.9 - V3.1", "vendor": "n/a", "versions": [{"status": "affected", "version": "EcoStruxure Building Operation WebReports V1.9 - V3.1"}]}], "descriptions": [{"lang": "en", "value": "A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-11-19T21:02:45.000Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-04/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2020-7573", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EcoStruxure Building Operation WebReports V1.9 - V3.1", "version": {"version_data": [{"version_value": "EcoStruxure Building Operation WebReports V1.9 - V3.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284: Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-04/", "refsource": "MISC", "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-04/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:33:19.573Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-04/"}]}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2020-7573", "datePublished": "2020-11-19T21:02:45.000Z", "dateReserved": "2020-01-21T00:00:00.000Z", "dateUpdated": "2024-08-04T09:33:19.573Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:webreports:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFEA3AED-DBEB-4B15-AD56-CEE221637C39", "versionEndIncluding": "3.1", "versionStartIncluding": "1.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de control de acceso inapropiado CWE-284 en EcoStruxure Building Operation WebReports versiones V1.9 - V3.1, que podr\u00eda causar que un atacante remoto pueda acceder a recursos web restringidos debido a un control de acceso inapropiado"}], "id": "CVE-2020-7573", "lastModified": "2024-11-21T05:37:24.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-19T22:15:15.520", "references": [{"source": "cybersecurity@se.com", "tags": ["Patch", "Product", "Vendor Advisory"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-04/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Product", "Vendor Advisory"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-04/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "cybersecurity@se.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}