CVE-2020-7558

7.8 HIGH

📋 TL;DR

This vulnerability allows remote code execution through an out-of-bounds write in Schneider Electric's IGSS Definition software. Attackers can exploit it by tricking users into importing a malicious configuration file, potentially gaining full control of affected systems. Organizations using IGSS Definition version 14.0.0.20247 are affected.

💻 Affected Systems

Products:
  • Schneider Electric IGSS Definition
Versions: 14.0.0.20247
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction to import a malicious CGF file. Typically used in industrial control system environments.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining administrative privileges, data theft, lateral movement within network, and persistent backdoor installation.

🟠 Likely Case

Local privilege escalation leading to system control, data manipulation in industrial control systems, and disruption of operational processes.

🟢 If Mitigated

Limited impact with proper network segmentation, file validation, and user privilege restrictions preventing successful exploitation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction but is straightforward once the malicious file is imported. No authentication bypass is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 14.0.0.20248 or later

Vendor Advisory: https://www.se.com/ww/en/download/document/SEVD-2020-315-03/

Restart Required: Yes

Instructions:

1. Download updated version from Schneider Electric portal.
2. Backup current configuration.
3. Install update.
4. Restart system.
5. Verify version.

🔧 Temporary Workarounds

Restrict CGF file imports (Windows)

Block import of CGF files through application settings or group policy

User training and awareness (all platforms)

Train users to only import configuration files from trusted sources

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate IGSS systems
  • Use application whitelisting to prevent unauthorized execution

🔍 How to Verify

Check if Vulnerable:

Check the IGSS Definition version in Help > About. If the version is exactly 14.0.0.20247, the system is vulnerable.

Check Version:

Not applicable - check through application GUI

Verify Fix Applied:

Verify version is 14.0.0.20248 or higher in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Unusual CGF file import activity
  • Process creation from IGSS Definition with suspicious parameters

Network Indicators:

  • Unexpected outbound connections from IGSS systems
  • File transfers to/from IGSS Definition

SIEM Query:

Process creation where parent process contains 'def.exe' AND command line contains unusual parameters
