CVE-2020-7490 — Untrusted Search Path in Vijeo Designer

CWE-426 — Untrusted Search Path4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 66.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Vijeo Designer

Timeline

PublishedApr 22

Latest updateMay 24

Description

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDschneider-electric/vijeo_designer1.0+3

🔴Vulnerability Details

GHSA

GHSA-jw6v-h8fg-79xj: A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1↗2022-05-24

▶

CVEList

CVE-2020-7490: A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1↗2020-04-22

▶

💥Exploits & PoCs

Exploit-DB

FRITZ!Box 7.20 - DNS Rebinding Protection Bypass↗2020-12-18

▶