A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service.
References
Link | Resource |
---|---|
https://www.se.com/ww/en/download/document/SEVD-2020-070-01/ | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-20-370/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-03-23 13:15
Updated : 2022-10-06 12:37
NVD link : CVE-2020-7479
Mitre link : CVE-2020-7479
JSON object : View
CWE
CWE-306
Missing Authentication for Critical Function
Products Affected
schneider-electric
- interactive_graphical_scada_system