Sign-up

ID

VAR-202004-1860


CVE

CVE-2020-7490


TITLE

Vijeo Designer Basic and Vijeo Designer Unreliable search path vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004730

DESCRIPTION

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product. (DoS) It may be put into a state. Schneider Electric Vijeo Designer Basic is a set of programming and design software for HMI (Human Machine Interface) for Schneider Electric (France Schneider Electric) Schneider Electric Vijeo Designer Basic 1.1 HotFix 15 and earlier and Vijeo Designer 6.9 SP9 and earlier have code issue vulnerabilities. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. There is currently no detailed vulnerability details provided

Trust: 2.16

sources: NVD: CVE-2020-7490 // JVNDB: JVNDB-2020-004730 // CNVD: CNVD-2020-33245

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-33245

AFFECTED PRODUCTS

vendor:schneider electricmodel:vijeo designerscope:eqversion:6.9

Trust: 1.0

vendor:schneider electricmodel:vijeo designerscope:lteversion:6.2

Trust: 1.0

vendor:schneider electricmodel:vijeo designerscope:lteversion:1.0

Trust: 1.0

vendor:schneider electricmodel:vijeo designerscope:eqversion:1.1

Trust: 1.0

vendor:schneider electricmodel:vijeo designerscope:eqversion:6.9 sp9

Trust: 0.8

vendor:schneider electricmodel:vijeo designerscope:eqversion:basic 1.1 hotfix 15

Trust: 0.8

vendor:schneidermodel:electric vijeo designer sp9scope:lteversion:<=6.9

Trust: 0.6

vendor:schneider electricmodel:vijeo designer basic hotfixscope:lteversion:<=1.115

Trust: 0.6

sources: CNVD: CNVD-2020-33245 // JVNDB: JVNDB-2020-004730 // NVD: CVE-2020-7490

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7490
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004730
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-33245
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1947
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-7490
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004730
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-33245
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7490
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004730
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-33245 // JVNDB: JVNDB-2020-004730 // CNNVD: CNNVD-202004-1947 // NVD: CVE-2020-7490

PROBLEMTYPE DATA

problemtype:CWE-426

Trust: 1.8

sources: JVNDB: JVNDB-2020-004730 // NVD: CVE-2020-7490

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1947

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202004-1947

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004730

PATCH
title:SEVD-2020-105-03url:https://www.se.com/ww/en/download/document/SEVD-2020-105-03/
Trust: 0.8
title:Patch for Schneider Electric Vijeo Designer Basic and Vijeo Designer Code Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/221583
Trust: 0.6
title:Schneider Electric Vijeo Designer Basic  and Vijeo Designer Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117010
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-33245 // 
            
            
            
            JVNDB: JVNDB-2020-004730 // 
            
            
            
            CNNVD: CNNVD-202004-1947

EXTERNAL IDS
db:NVDid:CVE-2020-7490
Trust: 3.0
db:SCHNEIDERid:SEVD-2020-105-03
Trust: 1.6
db:JVNDBid:JVNDB-2020-004730
Trust: 0.8
db:CNVDid:CNVD-2020-33245
Trust: 0.6
db:CNNVDid:CNNVD-202004-1947
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-33245 // 
            
            
            
            JVNDB: JVNDB-2020-004730 // 
            
            
            
            CNNVD: CNNVD-202004-1947 // 
            
            
            
            NVD: CVE-2020-7490

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-7490
Trust: 2.0
url:https://www.se.com/ww/en/download/document/sevd-2020-105-03
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7490
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-33245 // 
            
            
            
            JVNDB: JVNDB-2020-004730 // 
            
            
            
            CNNVD: CNNVD-202004-1947 // 
            
            
            
            NVD: CVE-2020-7490

SOURCES
db:CNVDid:CNVD-2020-33245
db:JVNDBid:JVNDB-2020-004730
db:CNNVDid:CNNVD-202004-1947
db:NVDid:CVE-2020-7490

LAST UPDATE DATE
2024-11-23T22:05:39.483000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-33245date:2020-06-16T00:00:00
db:JVNDBid:JVNDB-2020-004730date:2020-05-26T00:00:00
db:CNNVDid:CNNVD-202004-1947date:2022-03-10T00:00:00
db:NVDid:CVE-2020-7490date:2024-11-21T05:37:14.933

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-33245date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-004730date:2020-05-26T00:00:00
db:CNNVDid:CNNVD-202004-1947date:2020-04-22T00:00:00
db:NVDid:CVE-2020-7490date:2020-04-22T19:15:11.823