Vulnerability in Schneider-electric Vijeo_designer
CVE-2020-7490
A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious…
EPSS: 0.004 (34.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Schneider-electric Vijeo_designer — versions 1.1, 6.9
- N/a Vijeo Designer Basic (V1.1 Hotfix 15 And Prior) (V6.9 Sp9 — versions Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior)
Weakness classification (CWE)
References
- cybersecurity@se.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-7490?
- CVE-2020-7490 is a high-severity vulnerability in Schneider-electric Vijeo_designer, classified under Untrusted Search Path. CVSS score: 7.8/10. Published 2020-04-22.
- How severe is CVE-2020-7490?
- High severity. CVSS v3 base score is 7.8 out of 10.