cvelistv5 - cve-2020-7492

CVE-2020-7492 (GCVE-0-2020-7492)

Vulnerability from cvelistv5 – Published: 2020-06-16 19:07 – Updated: 2024-08-04 09:33

Summary

Severity ?

No CVSS data available.

CWE

CWE-521 - Weak Password Requirements

Assigner

schneider

References

URL

Tags

https://www.se.com/ww/en/download/document/SEVD-2…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	GP-Pro EX V1.00 to V4.09.100	Affected: GP-Pro EX V1.00 to V4.09.100

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GP-Pro EX V1.00 to V4.09.100",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "GP-Pro EX V1.00 to V4.09.100"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-521",
              "description": "CWE-521: Weak Password Requirements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-16T19:07:45",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7492",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GP-Pro EX V1.00 to V4.09.100",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "GP-Pro EX V1.00 to V4.09.100"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-521: Weak Password Requirements"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7492",
    "datePublished": "2020-06-16T19:07:45",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:gp-pro_ex_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.00\", \"versionEndIncluding\": \"4.09.120\", \"matchCriteriaId\": \"300993CC-80A5-4534-A08C-ADC7E6C49B9F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.\"}, {\"lang\": \"es\", \"value\": \"CWE-521: Se presenta una vulnerabilidad de Requisitos de Contrase\\u00f1a D\\u00e9biles en GP-Pro EX versiones V1.00 hasta V4.09.100, lo que podr\\u00eda causar el descubrimiento de la contrase\\u00f1a cuando el usuario ingresa la contrase\\u00f1a porque no est\\u00e1 enmascarada\"}]",
      "id": "CVE-2020-7492",
      "lastModified": "2024-11-21T05:37:15.150",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-06-16T20:15:14.177",
      "references": "[{\"url\": \"https://www.se.com/ww/en/download/document/SEVD-2020-133-01/\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.se.com/ww/en/download/document/SEVD-2020-133-01/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@se.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cybersecurity@se.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-521\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-521\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-7492\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2020-06-16T20:15:14.177\",\"lastModified\":\"2024-11-21T05:37:15.150\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.\"},{\"lang\":\"es\",\"value\":\"CWE-521: Se presenta una vulnerabilidad de Requisitos de Contrase\u00f1a D\u00e9biles en GP-Pro EX versiones V1.00 hasta V4.09.100, lo que podr\u00eda causar el descubrimiento de la contrase\u00f1a cuando el usuario ingresa la contrase\u00f1a porque no est\u00e1 enmascarada\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-521\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-521\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:gp-pro_ex_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.00\",\"versionEndIncluding\":\"4.09.120\",\"matchCriteriaId\":\"300993CC-80A5-4534-A08C-ADC7E6C49B9F\"}]}]}],\"references\":[{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2020-133-01/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2020-133-01/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-202006-1523

Vulnerability from variot - Updated: 2023-12-18 13:51

A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded. GP-Pro EX There is a vulnerability in requesting a weak password.Information may be obtained. Schneider Electric GP-Pro EX is a set of HMI interface editing and logic programming software of French Schneider Electric (Schneider Electric) company.

There are security vulnerabilities in Schneider Electric GP-Pro EX version 1.00 to version 4.09.120. An attacker can use this vulnerability to obtain the password

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1523",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "gp-pro ex",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "4.09.120"
      },
      {
        "model": "gp-pro ex",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "1.00"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "1.00 \u304b\u3089 4.09.100"
      },
      {
        "model": "electric pro-face gp-pro ex",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "1.00,\u003c=4.09.120"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:gp-pro_ex_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.09.120",
                "versionStartIncluding": "1.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      }
    ]
  },
  "cve": "CVE-2020-7492",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006892",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2021-25686",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-185617",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006892",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-7492",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-006892",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-25686",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-1076",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-185617",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded. GP-Pro EX There is a vulnerability in requesting a weak password.Information may be obtained. Schneider Electric GP-Pro EX is a set of HMI interface editing and logic programming software of French Schneider Electric (Schneider Electric) company. \n\r\n\r\nThere are security vulnerabilities in Schneider Electric GP-Pro EX version 1.00 to version 4.09.120. An attacker can use this vulnerability to obtain the password",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185617"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-7492",
        "trust": 3.1
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2020-133-01",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-185617",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      }
    ]
  },
  "id": "VAR-202006-1523",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185617"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:51:53.233000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2020-133-01",
        "trust": 0.8,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-133-01/"
      },
      {
        "title": "Patch for GP Pro EX Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/256381"
      },
      {
        "title": "Schneider Electric GP-Pro EX Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122519"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-521",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7492"
      },
      {
        "trust": 1.7,
        "url": "https://www.se.com/ww/en/download/document/sevd-2020-133-01/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7492"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7492"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "date": "2020-06-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185617"
      },
      {
        "date": "2020-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "date": "2020-06-16T20:15:14.177000",
        "db": "NVD",
        "id": "CVE-2020-7492"
      },
      {
        "date": "2020-06-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-25686"
      },
      {
        "date": "2020-06-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185617"
      },
      {
        "date": "2020-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      },
      {
        "date": "2020-06-24T13:49:53.340000",
        "db": "NVD",
        "id": "CVE-2020-7492"
      },
      {
        "date": "2020-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GP-Pro EX Vulnerability in requesting weak passwords in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006892"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1076"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2020-AVI-280

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	MTN6501-0001 – U.motion – KNX Server versions antérieures à 1.4.2
Schneider Electric	N/A	Vijeo Designer versions V6.2 SP9 et antérieures
Schneider Electric	N/A	MTN6260-0310 – U.Motion KNX Client Touch 10 versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6501-0002 – U.Motion – KNX Server Plus versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6260-0410 – U.Motion KNX server Plus, Touch 10 versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6260-0415 – U.Motion KNX server Plus, Touch 15 versions antérieures à 1.4.2
Schneider Electric	N/A	GP-Pro EX versions antérieures à V4.09.120
Schneider Electric	N/A	Vijeo Designer Basic versions antérieures à V1.1 HotFix 17
Schneider Electric	N/A	MTN6260-0315 – U.Motion KNX Client Touch 15 versions antérieures à 1.4.2

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2020-133-02 du 12 mai 2020	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2020-133-03 du 12 mai 2020	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2020-133-01 du 12 mai 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MTN6501-0001 \u2013 U.motion \u2013 KNX Server versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer versions V6.2 SP9 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0310 \u2013 U.Motion KNX Client Touch 10 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6501-0002 \u2013 U.Motion \u2013 KNX Server Plus versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0410 \u2013 U.Motion KNX server Plus, Touch 10 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0415 \u2013 U.Motion KNX server Plus, Touch 15 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "GP-Pro EX versions ant\u00e9rieures \u00e0 V4.09.120",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer Basic versions ant\u00e9rieures \u00e0 V1.1 HotFix 17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0315 \u2013 U.Motion KNX Client Touch 15 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7500"
    },
    {
      "name": "CVE-2020-7492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7492"
    },
    {
      "name": "CVE-2020-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7499"
    },
    {
      "name": "CVE-2020-7501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7501"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-280",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-02 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-02_Vijeo_Designer_and_Vijeo_Designer_Basic_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-03 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-03_U.motion_Servers_and_Touch_Panels_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-01 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-01_Pro-face_GP-ProEX_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-01"
    }
  ]
}

CERTFR-2020-AVI-280

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	MTN6501-0001 – U.motion – KNX Server versions antérieures à 1.4.2
Schneider Electric	N/A	Vijeo Designer versions V6.2 SP9 et antérieures
Schneider Electric	N/A	MTN6260-0310 – U.Motion KNX Client Touch 10 versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6501-0002 – U.Motion – KNX Server Plus versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6260-0410 – U.Motion KNX server Plus, Touch 10 versions antérieures à 1.4.2
Schneider Electric	N/A	MTN6260-0415 – U.Motion KNX server Plus, Touch 15 versions antérieures à 1.4.2
Schneider Electric	N/A	GP-Pro EX versions antérieures à V4.09.120
Schneider Electric	N/A	Vijeo Designer Basic versions antérieures à V1.1 HotFix 17
Schneider Electric	N/A	MTN6260-0315 – U.Motion KNX Client Touch 15 versions antérieures à 1.4.2

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2020-133-02 du 12 mai 2020	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2020-133-03 du 12 mai 2020	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2020-133-01 du 12 mai 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MTN6501-0001 \u2013 U.motion \u2013 KNX Server versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer versions V6.2 SP9 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0310 \u2013 U.Motion KNX Client Touch 10 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6501-0002 \u2013 U.Motion \u2013 KNX Server Plus versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0410 \u2013 U.Motion KNX server Plus, Touch 10 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0415 \u2013 U.Motion KNX server Plus, Touch 15 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "GP-Pro EX versions ant\u00e9rieures \u00e0 V4.09.120",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Vijeo Designer Basic versions ant\u00e9rieures \u00e0 V1.1 HotFix 17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "MTN6260-0315 \u2013 U.Motion KNX Client Touch 15 versions ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7500"
    },
    {
      "name": "CVE-2020-7492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7492"
    },
    {
      "name": "CVE-2020-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7499"
    },
    {
      "name": "CVE-2020-7501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7501"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-280",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-02 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-02_Vijeo_Designer_and_Vijeo_Designer_Basic_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-03 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-03_U.motion_Servers_and_Touch_Panels_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-133-01 du 12 mai 2020",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-133-01_Pro-face_GP-ProEX_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-133-01"
    }
  ]
}

CNVD-2021-25686

Vulnerability from cnvd - Published: 2021-04-08

Title

GP Pro EX信息泄露漏洞

Description

Schneider Electric GP-Pro EX是法国施耐德电气（Schneider Electric）公司的一套HMI界面编辑和逻辑编程软件。 Schneider Electric GP-Pro EX 1.00版本至4.09.120版本中存在安全漏洞。攻击者可利用该漏洞获取密码。

Severity

中

Patch Name

GP Pro EX信息泄露漏洞的补丁

Patch Description

Schneider Electric GP-Pro EX是法国施耐德电气（Schneider Electric）公司的一套HMI界面编辑和逻辑编程软件。 Schneider Electric GP-Pro EX 1.00版本至4.09.120版本中存在安全漏洞。攻击者可利用该漏洞获取密码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.se.com/ww/en/download/document/SEVD-2020-133-01/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-7492

Impacted products

Name
Schneider Electric Pro-face GP-Pro EX >=1.00，<=4.09.120

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7492"
    }
  },
  "description": "Schneider Electric GP-Pro EX\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u5957HMI\u754c\u9762\u7f16\u8f91\u548c\u903b\u8f91\u7f16\u7a0b\u8f6f\u4ef6\u3002 \n\nSchneider Electric GP-Pro EX 1.00\u7248\u672c\u81f34.09.120\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u5bc6\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.se.com/ww/en/download/document/SEVD-2020-133-01/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-25686",
  "openTime": "2021-04-08",
  "patchDescription": "Schneider Electric GP-Pro EX\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u5957HMI\u754c\u9762\u7f16\u8f91\u548c\u903b\u8f91\u7f16\u7a0b\u8f6f\u4ef6\u3002 \r\n\r\nSchneider Electric GP-Pro EX 1.00\u7248\u672c\u81f34.09.120\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u5bc6\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GP Pro EX\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Schneider Electric Pro-face GP-Pro EX \u003e=1.00\uff0c\u003c=4.09.120"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7492",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-17",
  "title": "GP Pro EX\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GSD-2020-7492

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-7492

Aliases

CVE-2020-7492

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-7492",
    "description": "A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.",
    "id": "GSD-2020-7492"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-7492"
      ],
      "details": "A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.",
      "id": "GSD-2020-7492",
      "modified": "2023-12-13T01:21:51.622506Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2020-7492",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GP-Pro EX V1.00 to V4.09.100",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "GP-Pro EX V1.00 to V4.09.100"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-521: Weak Password Requirements"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/",
            "refsource": "MISC",
            "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:gp-pro_ex_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.09.120",
                "versionStartIncluding": "1.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7492"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-521"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-06-24T13:49Z",
      "publishedDate": "2020-06-16T20:15Z"
    }
  }
}

GHSA-JJ8M-5R73-PQJ4

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-7492"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-16T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.",
  "id": "GHSA-jj8m-5r73-pqj4",
  "modified": "2022-05-24T17:20:38Z",
  "published": "2022-05-24T17:20:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7492"
    },
    {
      "type": "WEB",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2020-7492

Vulnerability from fkie_nvd - Published: 2020-06-16 20:15 - Updated: 2024-11-21 05:37

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2020-133-01/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2020-133-01/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	schneider-electric	gp-pro_ex_firmware	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:gp-pro_ex_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "300993CC-80A5-4534-A08C-ADC7E6C49B9F",
              "versionEndIncluding": "4.09.120",
              "versionStartIncluding": "1.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded."
    },
    {
      "lang": "es",
      "value": "CWE-521: Se presenta una vulnerabilidad de Requisitos de Contrase\u00f1a D\u00e9biles en GP-Pro EX versiones V1.00 hasta V4.09.100, lo que podr\u00eda causar el descubrimiento de la contrase\u00f1a cuando el usuario ingresa la contrase\u00f1a porque no est\u00e1 enmascarada"
    }
  ],
  "id": "CVE-2020-7492",
  "lastModified": "2024-11-21T05:37:15.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-16T20:15:14.177",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-521"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-521"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-7492 (GCVE-0-2020-7492)

VAR-202006-1523

CERTFR-2020-AVI-280

Solution

CERTFR-2020-AVI-280

Solution

CNVD-2021-25686

GSD-2020-7492

GHSA-JJ8M-5R73-PQJ4

FKIE_CVE-2020-7492

Tags

Sightings

Nomenclature