CVE-2020-7490
Last modified
CVE-2020-7490 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product.. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Vijeo Designer | <= 1.0 |
| Schneider-Electric | Vijeo Designer | <= 6.2 |
| Schneider-Electric | Vijeo Designer | 1.1 |
| Schneider-Electric | Vijeo Designer | 6.9 |
References
- https://www.se.com/ww/en/download/document/SEVD-2020-105-03Vendor Advisory
- https://www.se.com/ww/en/download/document/SEVD-2020-105-03Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-7490?
How severe is CVE-2020-7490?
How do I fix CVE-2020-7490?
Are you affected by CVE-2020-7490?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST