Vulnerability in Schneider-electric Vijeo_designer

CVE-2020-7490

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious…

EPSS: 0.004 (34.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

  • Schneider-electric Vijeo_designer — versions 1.1, 6.9
  • N/a Vijeo Designer Basic (V1.1 Hotfix 15 And Prior) (V6.9 Sp9 — versions Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior)

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2020-7490?
CVE-2020-7490 is a high-severity vulnerability in Schneider-electric Vijeo_designer, classified under Untrusted Search Path. CVSS score: 7.8/10. Published 2020-04-22.
How severe is CVE-2020-7490?
High severity. CVSS v3 base score is 7.8 out of 10.