CVE-2020-7523

CVE-2020-7523

Vendor N/A
Product Schneider Electric Modbus Serial Driver (64 bits) versions prior to V3.20 IE 30, Schneider Electric Modbus Serial Driver (32 bits) versions prior to V2.20 IE 30, and Schneider Electric Modbus Driver Suite versions prior to V14.15.0.0
Weakness CWE-269
Published August 31, 2020
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Key dates

02Disclosure timeline

August 31, 2020 CVE published
August 4, 2024 Record updated