PT-2020-3650 · Schneider Electric · Schneider Electric Modbus Driver Suite, Schneider Electric Modbus Serial Driver

Published: 2020-08-11 · Updated: 2021-06-04 · CVE-2020-7523

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Schneider Electric Modbus Serial Driver (affected versions not specified)
Schneider Electric Modbus Driver Suite (affected versions not specified)

Description

The issue is related to improper privilege management, which could lead to local privilege escalation when the Modbus Serial Driver service is invoked. This occurs because the driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. The vulnerability may allow an attacker to elevate their privileges.

Recommendations

For Schneider Electric Modbus Serial Driver, update to a version that properly manages privileges, as indicated in the security notification. For Schneider Electric Modbus Driver Suite, apply the necessary security patches or updates to address the improper privilege management issue. As a temporary workaround, consider restricting access to the Modbus Serial Driver service to minimize the risk of exploitation.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2020-03998
CVE-2020-7523

Affected Products

Schneider Electric Modbus Driver Suite
Schneider Electric Modbus Serial Driver