PT-2020-6344 · Schneider Electric · Power Monitoring Expert+5

Published: 2020-10-13 · Updated: 2022-09-03 · CVE-2020-7547

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

EcoStruxure and SmartStruxure Power Monitoring and SCADA Software (affected versions not specified)
Power Monitoring Expert (affected versions not specified)
EcoStruxure Energy Expert (affected versions not specified)
Power Manager (affected versions not specified)
StruxureWare PowerSCADA Expert (affected versions not specified)

Description

A vulnerability exists in the software that could allow a user to perform actions via the web interface at a higher privilege level due to improper access control. This issue is related to deficiencies in access control, which could allow a remote attacker to elevate their privileges.

Recommendations

For EcoStruxure and SmartStruxure Power Monitoring and SCADA Software, consider restricting access to the web interface until a patch is available. For Power Monitoring Expert, EcoStruxure Energy Expert, Power Manager, and StruxureWare PowerSCADA Expert, restrict access to sensitive areas of the software to minimize the risk of exploitation. As a temporary workaround, consider disabling remote access to the software until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2021-04256
CVE-2020-7547

Affected Products

Ecostruxure
Ecostruxure Energy Expert
Power Manager
Power Monitoring Expert
Smartstruxure
Struxureware Powerscada Expert