CVE-2020-7478 : Security Advisory and Response

Learn about CVE-2020-7478 affecting IGSS (Interactive Graphical SCADA System) versions 14 and prior. Discover the impact, affected systems, exploitation, and mitigation steps.

A CWE-22 vulnerability in IGSS (Interactive Graphical SCADA System) versions 14 and prior allows remote unauthenticated attackers to read arbitrary files from the server PC.

Understanding CVE-2020-7478

This CVE involves an Improper Limitation of a Pathname to a Restricted Directory in IGSS.

What is CVE-2020-7478?

The vulnerability affects IGSS versions 14 and prior that use the IGSSupdate service, and it enables unauthorized access to sensitive files on the server.

The Impact of CVE-2020-7478

        Remote unauthenticated attackers can read arbitrary files from the IGSS server PC
        Exploitation is possible on unrestricted or shared networks with the IGSS Update Service enabled

Technical Details of CVE-2020-7478

The technical aspects of the vulnerability in IGSS.

Vulnerability Description

        CWE-22: Improper Limitation of a Pathname to a Restricted Directory
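
The weakness class named above, as an added Python example (not IGSS code and not taken from the vendor advisory): a file lookup that joins a client-supplied name to a base directory unchecked, beside one that resolves the path and rejects anything outside the base. The directory layout, file names and function names are hypothetical, and the sample inputs are constructed.

```python
import os
import tempfile
from pathlib import Path


def resolve_naive(base: Path, requested: str) -> Path:
    """CWE-22 pattern: the client-supplied name is joined to the base unchecked."""
    return Path(os.path.normpath(os.path.join(base, requested)))


def resolve_contained(base: Path, requested: str) -> Path:
    """Return the real path of `requested` only if it stays inside `base`."""
    # Treat Windows separators as separators even when running on POSIX.
    normalized = requested.replace("\\", "/")
    base_real = base.resolve(strict=True)
    # resolve() collapses ".." and follows symlinks before the check is made.
    candidate = (base_real / normalized).resolve()
    if candidate != base_real and base_real not in candidate.parents:
        raise PermissionError(f"path escapes base directory: {requested!r}")
    return candidate


def demo() -> list:
    """Run constructed sample names through both resolvers in a temp tree."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        base = root / "updates"  # hypothetical directory the service should serve
        base.mkdir()
        (base / "package.zip").write_text("update payload")
        (root / "secret.ini").write_text("outside the served directory")
        samples = ["package.zip", "../secret.ini", "..\\secret.ini",
                   str(root / "secret.ini")]  # constructed inputs
        for name in samples:
            naive = resolve_naive(base, name.replace("\\", "/"))
            naive_escapes = base not in naive.parents
            try:
                resolve_contained(base, name)
                verdict = "allowed"
            except PermissionError:
                verdict = "rejected"
            results.append((name, naive_escapes, verdict))
    return results


if __name__ == "__main__":
    for name, escapes, verdict in demo():
        print(f"{name!r}: naive escapes base={escapes}, contained={verdict}")
```

The containment test compares fully resolved paths, so relative segments, absolute paths and symlinks are all judged by where they actually land.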

Affected Systems and Versions

        IGSS (Interactive Graphical SCADA System) versions prior to 14.0.0.20009
        IGSS (Interactive Graphical SCADA System) versions 14 and prior using the service: IGSSupdate

Exploitation Mechanism

        Attackers exploit the vulnerability to access files on the server PC

Mitigation and Prevention

Protecting systems from CVE-2020-7478.

Immediate Steps to Take

        Disable the IGSS Update Service if not essential
        Implement network segmentation to restrict access

Long-Term Security Practices

        Regularly update IGSS to the latest version
        Conduct security assessments to identify vulnerabilities

Patching and Updates

        Apply patches provided by the vendor to fix the vulnerability
