Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HSchneider Electric Modbus Driver Suite
APPSchneider-Electric< 14.15.0.0Schneider Electric Modbus Serial Driver
APPSchneider-Electric< 2.20_ie_30< 3.20_ie_30
Related vulnerabilities
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through...
An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus S...
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unw...
Brak autoryzacji w Schneider Electric EcoStruxure IT Gateway (CVSS 10.0)
Ujawnienie poświadczeń w urządzeniu Schneider Electric WHC-5918A