certfr_avis - certfr-2020-avi-280

CERTFR-2020-AVI-280

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	MTN6501-0001 – U.motion – KNX Server versions antérieures à 1.4.2
Schneider Electric	N/A	Vijeo Designer versions V6.2 SP9 et antérieures
Schneider Electric	N/A	MTN6260-0310 – U.Motion KNX Client Touch 10 versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6501-0002 – U.Motion – KNX Server Plus versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6260-0410 – U.Motion KNX server Plus, Touch 10 versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6260-0415 – U.Motion KNX server Plus, Touch 15 versions antérieures à 1.4.2
Schneider Electric	N/A	GP-Pro EX versions antérieures à V4.09.120
Schneider Electric	N/A	Vijeo Designer Basic versions antérieures à V1.1 HotFix 17
Schneider Electric	N/A	MTN6260-0315 – U.Motion KNX Client Touch 15 versions antérieures à 1.4.2

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2020-133-02 du 12 mai 2020	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2020-133-03 du 12 mai 2020	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2020-133-01 du 12 mai 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MTN6501-0001 \u2013 U.motion \u2013 KNX Server versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer versions V6.2 SP9 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0310 \u2013 U.Motion KNX Client Touch 10 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6501-0002 \u2013 U.Motion \u2013 KNX Server Plus versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0410 \u2013 U.Motion KNX server Plus, Touch 10 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0415 \u2013 U.Motion KNX server Plus, Touch 15 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "GP-Pro EX versions ant\u00e9rieures \u00e0 V4.09.120",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer Basic versions ant\u00e9rieures \u00e0 V1.1 HotFix 17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0315 \u2013 U.Motion KNX Client Touch 15 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7500"
    },
    {
      "name": "CVE-2020-7492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7492"
    },
    {
      "name": "CVE-2020-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7499"
    },
    {
      "name": "CVE-2020-7501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7501"
    }
  ],
  "initial_release_date": "2020-05-13T00:00:00",
  "last_revision_date": "2020-05-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-280",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-02 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-02_Vijeo_Designer_and_Vijeo_Designer_Basic_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-03 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-03_U.motion_Servers_and_Touch_Panels_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-01 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-01_Pro-face_GP-ProEX_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-01"
    }
  ]
}

CVE-2020-7500 (GCVE-0-2020-7500)

Vulnerability from cvelistv5

Published

2020-06-16 19:21

Modified

2024-08-04 09:33

Severity ?

CWE

CWE-89 - :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Summary

A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.

References

URL

Tags

https://www.se.com/ww/en/download/document/SEVD-2020-133-03/

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	U.motion Servers and Touch Panels (affected versions listed in the security notification)	Version: U.motion Servers and Touch Panels (affected versions listed in the security notification)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-16T19:21:54.000Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7500",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89:Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7500",
    "datePublished": "2020-06-16T19:21:54.000Z",
    "dateReserved": "2020-01-21T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:33:19.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7499 (GCVE-0-2020-7499)

Vulnerability from cvelistv5

Published

2020-06-16 19:16

Modified

2024-08-04 09:33

Severity ?

CWE

CWE-863 - Incorrect Authorization

Summary

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.

References

URL

Tags

https://www.se.com/ww/en/download/document/SEVD-2020-133-03/

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	U.motion Servers and Touch Panels (affected versions listed in the security notification)	Version: U.motion Servers and Touch Panels (affected versions listed in the security notification)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-19T12:20:51.000Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7499",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-863: Incorrect Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7499",
    "datePublished": "2020-06-16T19:16:53.000Z",
    "dateReserved": "2020-01-21T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:33:19.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7492 (GCVE-0-2020-7492)

Vulnerability from cvelistv5

Published

2020-06-16 19:07

Modified

2024-08-04 09:33

Severity ?

CWE

CWE-521 - Weak Password Requirements

Summary

A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.

References

URL

Tags

https://www.se.com/ww/en/download/document/SEVD-2020-133-01/

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	GP-Pro EX V1.00 to V4.09.100	Version: GP-Pro EX V1.00 to V4.09.100

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GP-Pro EX V1.00 to V4.09.100",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "GP-Pro EX V1.00 to V4.09.100"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-521",
              "description": "CWE-521: Weak Password Requirements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-16T19:07:45.000Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7492",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GP-Pro EX V1.00 to V4.09.100",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "GP-Pro EX V1.00 to V4.09.100"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-521: Weak Password Requirements"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7492",
    "datePublished": "2020-06-16T19:07:45.000Z",
    "dateReserved": "2020-01-21T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:33:19.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7501 (GCVE-0-2020-7501)

Vulnerability from cvelistv5

Published

2020-06-16 19:40

Modified

2024-08-04 09:33

Severity ?

CWE

CWE-798 - Use of Hard-coded Credentials

Summary

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer.

References

URL

Tags

https://www.se.com/ww/en/download/document/SEVD-2020-133-02/

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior)	Version: Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-02/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798: Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-16T19:40:23.000Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-02/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7501",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-798: Use of Hard-coded Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-02/",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-02/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7501",
    "datePublished": "2020-06-16T19:40:23.000Z",
    "dateReserved": "2020-01-21T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:33:19.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2020-AVI-280

Vulnerability from certfr_avis

Solution

CVE-2020-7500 (GCVE-0-2020-7500)

Vulnerability from cvelistv5

CVE-2020-7499 (GCVE-0-2020-7499)

Vulnerability from cvelistv5

CVE-2020-7492 (GCVE-0-2020-7492)

Vulnerability from cvelistv5

CVE-2020-7501 (GCVE-0-2020-7501)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature