CVE-2020-7499

{"id": "CVE-2020-7499", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-06-16T20:15:14.770", "references": [{"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}, {"url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."}, {"lang": "es", "value": "Una CWE-863: Se presenta una vulnerabilidad de autorizaci\u00f3n incorrecta en U.motion Servers and Touch Panels (versiones afectadas listadas en la notificaci\u00f3n de seguridad) que podr\u00edan causar un acceso no autorizado cuando un usuario poco privilegiado realiza cambios no autorizados"}], "lastModified": "2024-11-21T05:37:15.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6501-0001_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0B3DF18-FE18-4465-8223-8AF2B286746D", "versionEndExcluding": "1.4.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6501-0001:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "22E79A6F-C946-43A7-B492-7F3F8CFB18CC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6501-0002_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF40C8EB-9735-43D5-A947-087EFE6AF6F8", "versionEndExcluding": "1.4.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6501-0002:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4B17C76A-749C-44DA-8144-51E4328C4768"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0410_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB0811DB-2E4D-4A14-8F87-2C24189D352A", "versionEndExcluding": "1.4.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0410:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7D91BDED-9BCF-473A-AB1B-824AA1EDE586"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0415_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E369B5A4-1F69-48C1-8C07-0E7C61683EDA", "versionEndExcluding": "1.4.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0415:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "436B2EB8-6D93-41FF-BD6E-932D69C4E197"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0310_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0176D45B-9007-4558-8D72-B56454EB9733", "versionEndExcluding": "1.4.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0310:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F046097B-B818-4775-A53D-B22F258CB255"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:mtn6260-0315_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD29EA41-FA54-45A7-BB61-76D6B1CEF5C4", "versionEndExcluding": "1.4.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:mtn6260-0315:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9DD21D34-FBBD-4645-8C60-42825281D0FE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}