CVE-2020-7499

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.se.com/ww/en/download/document/SEVD-2020-133-03/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:mtn6501-0001_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:mtn6501-0001:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:mtn6501-0002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:mtn6501-0002:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:mtn6260-0410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:mtn6260-0410:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:mtn6260-0415_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:mtn6260-0415:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:mtn6260-0310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:mtn6260-0310:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:mtn6260-0315_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:mtn6260-0315:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-06-16 20:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-7499

Mitre link : CVE-2020-7499

CVE.ORG link : CVE-2020-7499

JSON object : View

Products Affected

schneider-electric

mtn6501-0001
mtn6260-0315_firmware
mtn6260-0415_firmware
mtn6260-0310
mtn6260-0410
mtn6260-0410_firmware
mtn6260-0315
mtn6260-0310_firmware
mtn6501-0002_firmware
mtn6260-0415
mtn6501-0001_firmware
mtn6501-0002

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2020-7499", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-06-16T20:15:14.770", "references": [{"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."}, {"lang": "es", "value": "Una CWE-863: Se presenta una vulnerabilidad de autorizaci\u00f3n incorrecta en U.motion Servers and Touch Panels (versiones afectadas listadas en la notificaci\u00f3n de seguridad) que podr\u00edan causar un acceso no autorizado cuando un usuario poco privilegiado realiza cambios no autorizados"}], "lastModified": "2022-02-03T14:25:52.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6501-0001_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0B3DF18-FE18-4465-8223-8AF2B286746D", "versionEndExcluding": "1.4.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6501-0001:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "22E79A6F-C946-43A7-B492-7F3F8CFB18CC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6501-0002_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF40C8EB-9735-43D5-A947-087EFE6AF6F8", "versionEndExcluding": "1.4.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6501-0002:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4B17C76A-749C-44DA-8144-51E4328C4768"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0410_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB0811DB-2E4D-4A14-8F87-2C24189D352A", "versionEndExcluding": "1.4.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0410:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7D91BDED-9BCF-473A-AB1B-824AA1EDE586"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0415_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E369B5A4-1F69-48C1-8C07-0E7C61683EDA", "versionEndExcluding": "1.4.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0415:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "436B2EB8-6D93-41FF-BD6E-932D69C4E197"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0310_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0176D45B-9007-4558-8D72-B56454EB9733", "versionEndExcluding": "1.4.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0310:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F046097B-B818-4775-A53D-B22F258CB255"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0315_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD29EA41-FA54-45A7-BB61-76D6B1CEF5C4", "versionEndExcluding": "1.4.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0315:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9DD21D34-FBBD-4645-8C60-42825281D0FE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}