CVE-2020-7520

Name of the Vulnerable Software and Affected Versions Schneider Electric Software Update (SESU) versions 2.4.0 and prior

Description A URL redirection to untrusted site issue exists, which could lead to the execution of malicious code on the victim's machine. To exploit this, an attacker needs privileged access to modify a Windows registry key, diverting traffic updates through a server they control, and then uses a man-in-the-middle attack to complete the exploit. The vulnerability can allow a remote attacker to execute arbitrary code.

Recommendations For versions 2.4.0 and prior, as a temporary workaround, consider restricting access to the Windows registry key that can be modified to divert traffic updates, until a patch is available. Additionally, restrict access to the engineering workstation to prevent privileged access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.