Details of VAR-202006-1532

ID

VAR-202006-1532

CVE

CVE-2020-7501

TITLE

Vijeo Designer Basic and Vijeo Designer Vulnerability in using hard-coded credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006945

DESCRIPTION

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer. (DoS) It may be put into a state. Schneider Electric Vijeo Designer Basic and Schneider Electric Vijeo Designer are both a set of programming and design software for HMI (Human Machine Interface) from French Schneider Electric (Schneider Electric). Schneider Electric Vijeo Designer Basic and Vijeo Designer have vulnerabilities in trust management issues. Attackers can use this vulnerability to perform read and write operations

Trust: 2.16

sources: NVD: CVE-2020-7501 // JVNDB: JVNDB-2020-006945 // CNVD: CNVD-2021-25688

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-25688

AFFECTED PRODUCTS

vendor:	schneider electric	model:	vijeo designer	scope:	eq	version:	6.9	Trust: 1.0
vendor:	schneider electric	model:	vijeo designer	scope:	lte	version:	6.2	Trust: 1.0
vendor:	schneider electric	model:	vijeo designer	scope:	lte	version:	1.0	Trust: 1.0
vendor:	schneider electric	model:	vijeo designer	scope:	eq	version:	1.1	Trust: 1.0
vendor:	schneider electric	model:	vijeo designer	scope:	eq	version:	6.2 sp9	Trust: 0.8
vendor:	schneider electric	model:	vijeo designer	scope:	eq	version:	basic 1.1 hotfix 16	Trust: 0.8
vendor:	schneider	model:	electric vijeo designer basic	scope:	lte	version:	<=1.0	Trust: 0.6
vendor:	schneider	model:	electric vijeo designer basic basic	scope:	eq	version:	1.1	Trust: 0.6
vendor:	schneider	model:	electric vijeo designer basic hotfix 15 basic	scope:	eq	version:	1.1	Trust: 0.6
vendor:	schneider	model:	electric vijeo designer	scope:	lte	version:	<=6.2	Trust: 0.6
vendor:	schneider	model:	electric vijeo designer	scope:	eq	version:	6.9	Trust: 0.6
vendor:	schneider	model:	electric vijeo designer sp9	scope:	eq	version:	6.9	Trust: 0.6

sources: CNVD: CNVD-2021-25688 // JVNDB: JVNDB-2020-006945 // NVD: CVE-2020-7501

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7501
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006945
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-25688
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-1085
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-7501
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006945
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-25688
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-7501
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006945
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-25688 // JVNDB: JVNDB-2020-006945 // CNNVD: CNNVD-202006-1085 // NVD: CVE-2020-7501

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2020-006945 // NVD: CVE-2020-7501

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1085

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1085

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006945

PATCH

title:	SEVD-2020-133-02	url:	https://www.se.com/ww/en/download/document/SEVD-2020-133-02/	Trust: 0.8
title:	Patch for Schneider Electric Vijeo Designer and Vijeo Designer Basic trust management vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/256386	Trust: 0.6
title:	Schneider Electric Vijeo Designer and Vijeo Designer Basic Repair measures for trust management problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122528	Trust: 0.6

sources: CNVD: CNVD-2021-25688 // JVNDB: JVNDB-2020-006945 // CNNVD: CNNVD-202006-1085

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7501	Trust: 3.0
db:	SCHNEIDER	id:	SEVD-2020-133-02	Trust: 1.6
db:	JVNDB	id:	JVNDB-2020-006945	Trust: 0.8
db:	CNVD	id:	CNVD-2021-25688	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1085	Trust: 0.6

sources: CNVD: CNVD-2021-25688 // JVNDB: JVNDB-2020-006945 // CNNVD: CNNVD-202006-1085 // NVD: CVE-2020-7501

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-7501	Trust: 2.0
url:	https://www.se.com/ww/en/download/document/sevd-2020-133-02/	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7501	Trust: 0.8

sources: CNVD: CNVD-2021-25688 // JVNDB: JVNDB-2020-006945 // CNNVD: CNNVD-202006-1085 // NVD: CVE-2020-7501

SOURCES

db:	CNVD	id:	CNVD-2021-25688
db:	JVNDB	id:	JVNDB-2020-006945
db:	CNNVD	id:	CNNVD-202006-1085
db:	NVD	id:	CVE-2020-7501

LAST UPDATE DATE

2024-11-23T22:33:25.206000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-25688	date:	2021-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-006945	date:	2020-07-22T00:00:00
db:	CNNVD	id:	CNNVD-202006-1085	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2020-7501	date:	2024-11-21T05:37:16.117

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-25688	date:	2021-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-006945	date:	2020-07-22T00:00:00
db:	CNNVD	id:	CNNVD-202006-1085	date:	2020-06-16T00:00:00
db:	NVD	id:	CVE-2020-7501	date:	2020-06-16T20:15:14.957