CVE-2020-7501
Last modified
CVE-2020-7501 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer.. EPSS estimates a 1.12% chance of exploitation in the next 30 days.
Description
A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Vijeo Designer | <= 1.0 |
| Schneider-Electric | Vijeo Designer | <= 6.2 |
| Schneider-Electric | Vijeo Designer | 1.1 |
| Schneider-Electric | Vijeo Designer | 6.9 |
References
- https://www.se.com/ww/en/download/document/SEVD-2020-133-02/Vendor Advisory
- https://www.se.com/ww/en/download/document/SEVD-2020-133-02/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-7501?
How severe is CVE-2020-7501?
How do I fix CVE-2020-7501?
Are you affected by CVE-2020-7501?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST