Schneider-Electric Easergy Builder vulnerabilities

CVE-2020-7514 [HIGH] CWE-327 CVE-2020-7514: A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access.

CVE-2020-7519 [HIGH] CWE-521 CVE-2020-7519: A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and o A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.

CVE-2020-7516 [HIGH] CWE-312 CVE-2020-7516: A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Buil A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials.

CVE-2020-7518 [HIGH] CWE-20 CVE-2020-7518: A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and old A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files.

CVE-2020-7515 [HIGH] CWE-798 CVE-2020-7515: A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy B A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password.

CVE-2020-7517 [MEDIUM] CWE-312 CVE-2020-7517: A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Versi A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials.