CVE-2020-7490

EPSS 0.14%
Published 22.04.2020 19:15:11
Last modified 21.11.2024 05:37:14
Source cybersecurity@se.com
Teams watchlist Login
Open Login

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Vijeo Designer SwEditionbasic Version <= 1.0

Schneider-electric ≫ Vijeo Designer SwEdition- Version <= 6.2

Schneider-electric ≫ Vijeo Designer Version1.1 Update- SwEditionbasic

Schneider-electric ≫ Vijeo Designer Version1.1 Updatehotfix_15 SwEditionbasic

Schneider-electric ≫ Vijeo Designer Version6.9 Update- SwEdition-

Schneider-electric ≫ Vijeo Designer Version6.9 Updatesp9 SwEdition-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.339

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://www.se.com/ww/en/download/document/SEVD-2020-105-03

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-7490

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7490

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7490

EUVD