VAR-202006-1532
Vulnerability from variot - Updated: 2023-12-18 13:47A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer. (DoS) It may be put into a state. Schneider Electric Vijeo Designer Basic and Schneider Electric Vijeo Designer are both a set of programming and design software for HMI (Human Machine Interface) from French Schneider Electric (Schneider Electric).
Schneider Electric Vijeo Designer Basic and Vijeo Designer have vulnerabilities in trust management issues. Attackers can use this vulnerability to perform read and write operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1532",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vijeo designer",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.2"
},
{
"model": "vijeo designer",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "1.1"
},
{
"model": "vijeo designer",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "1.0"
},
{
"model": "vijeo designer",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.9"
},
{
"model": "vijeo designer",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "6.2 sp9"
},
{
"model": "vijeo designer",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "basic 1.1 hotfix 16"
},
{
"model": "electric vijeo designer basic",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=1.0"
},
{
"model": "electric vijeo designer basic basic",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "1.1"
},
{
"model": "electric vijeo designer basic hotfix 15 basic",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "1.1"
},
{
"model": "electric vijeo designer",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=6.2"
},
{
"model": "electric vijeo designer",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "6.9"
},
{
"model": "electric vijeo designer sp9",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "6.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25688"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006945"
},
{
"db": "NVD",
"id": "CVE-2020-7501"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:vijeo_designer:*:*:*:*:basic:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:vijeo_designer:1.1:-:*:*:basic:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:vijeo_designer:1.1:hotfix_15:*:*:basic:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:vijeo_designer:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:vijeo_designer:6.9:-:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:vijeo_designer:6.9:sp9:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7501"
}
]
},
"cve": "CVE-2020-7501",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006945",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2021-25688",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006945",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-7501",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006945",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-25688",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1085",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25688"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006945"
},
{
"db": "NVD",
"id": "CVE-2020-7501"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1085"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer. (DoS) It may be put into a state. Schneider Electric Vijeo Designer Basic and Schneider Electric Vijeo Designer are both a set of programming and design software for HMI (Human Machine Interface) from French Schneider Electric (Schneider Electric). \n\r\n\r\nSchneider Electric Vijeo Designer Basic and Vijeo Designer have vulnerabilities in trust management issues. Attackers can use this vulnerability to perform read and write operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7501"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006945"
},
{
"db": "CNVD",
"id": "CNVD-2021-25688"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7501",
"trust": 3.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2020-133-02",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006945",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-25688",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1085",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25688"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006945"
},
{
"db": "NVD",
"id": "CVE-2020-7501"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1085"
}
]
},
"id": "VAR-202006-1532",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25688"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25688"
}
]
},
"last_update_date": "2023-12-18T13:47:29.270000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2020-133-02",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-133-02/"
},
{
"title": "Patch for Schneider Electric Vijeo Designer and Vijeo Designer Basic trust management vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/256386"
},
{
"title": "Schneider Electric Vijeo Designer and Vijeo Designer Basic Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122528"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25688"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006945"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1085"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006945"
},
{
"db": "NVD",
"id": "CVE-2020-7501"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7501"
},
{
"trust": 1.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-133-02/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7501"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25688"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006945"
},
{
"db": "NVD",
"id": "CVE-2020-7501"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1085"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-25688"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006945"
},
{
"db": "NVD",
"id": "CVE-2020-7501"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1085"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-25688"
},
{
"date": "2020-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006945"
},
{
"date": "2020-06-16T20:15:14.957000",
"db": "NVD",
"id": "CVE-2020-7501"
},
{
"date": "2020-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1085"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-25688"
},
{
"date": "2020-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006945"
},
{
"date": "2022-01-31T19:43:33.847000",
"db": "NVD",
"id": "CVE-2020-7501"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1085"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1085"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vijeo Designer Basic and Vijeo Designer Vulnerability in using hard-coded credentials in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006945"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1085"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…