FortiClient Vulnerability

Schneider Electric Software Update CVE-2020-7520 Spoofing Vulnerability

Description

A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit.

Affected Applications

Schneider Electric Software Update

CVE References

CVE-2020-7520

Other References

https://www.se.com/ww/en/download/document/SEVD-2020-196-01/

ID	2399
Created	Sep 24, 2021
Description Updated	Oct 26, 2023
Risk
Coverage	FortiClient
OS	Windows
Vendor	Schneider Electric
Patch	manual
Application	Schneider Electric Software Update

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiClient Vulnerability

Schneider Electric Software Update CVE-2020-7520 Spoofing Vulnerability

Description

Affected Applications

CVE References

Other References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

FortiClient Vulnerability

Schneider Electric Software Update CVE-2020-7520 Spoofing Vulnerability

Description

Affected Applications

CVE References

Other References

Threat Intelligence
Center