Back to search
CVE-2020-7479
Published: Mar 23, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service.
| Vendor | Product | Versions |
|---|---|---|
n/a | IGSS (Interactive Graphical SCADA System) (IGSS Version prior to 14.0.0.20009) | affected IGSS (Interactive Graphical SCADA System) (Versions 14 and prior using the service: IGSSupdate) |
Weaknesses (CWE)
References
https://www.se.com/ww/en/download/document/SEVD-2020-070-01/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-370/
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now