← back
CVE-2020-7520

CVE-2020-7520

EPSS 0.9%CWE-601
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
23 Jul 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit.
Affected products
n/a · Schneider Electric Software Update (SESU) V2.4.0 and prior.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.se.com/ww/en/download/document/SEVD-2020-196-01/