PT-2020-3663 · Schneider Electric · Somove

Published

2020-08-11

Updated

2020-09-04

CVE-2020-7527

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SoMove versions prior to V2.8.1

Description The issue is related to incorrect default permissions in SoMove, which could lead to elevation of privilege, providing full access control to local system users over SoMove components and services when the SoMove installer script is launched. This could be exploited by an attacker to gain elevated privileges.

Recommendations For SoMove versions prior to V2.8.1, update to a version that fixes the incorrect default permission issue to prevent elevation of privilege. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

BDU:2020-04011

CVE-2020-7527

Affected Products

Somove

PT-2020-3663 · Schneider Electric · Somove

CVE-2020-7527

Weakness Enumeration

Related Identifiers

Affected Products

References · 6