CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34755
https://notcve.org/view.php?id=CVE-2022-34755
A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give the attacker the ability to execute arbitrary code during the installation process initiated by a valid user. Affected Products: Easergy Builder Installer (1.7.23 and prior) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-06.pdf • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7519
https://notcve.org/view.php?id=CVE-2020-7519
A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account. CWE-521: Se presenta una vulnerabilidad de Requisitos de Contraseña débil en Easergy Builder (Versión 1.4.7.2 y anteriores) que podría permitir a un atacante comprometer una cuenta de usuario • https://www.se.com/ww/en/download/document/SEVD-2020-161-05 • CWE-521: Weak Password Requirements •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7518
https://notcve.org/view.php?id=CVE-2020-7518
A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files. A CWE-20: Se presenta una vulnerabilidad de comprobación de entrada inapropiada en Easergy Builder (Versión 1.4.7.2 y anteriores) que podría permitir a un atacante modificar los archivos de configuración del proyecto • https://www.se.com/ww/en/download/document/SEVD-2020-161-05 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7517
https://notcve.org/view.php?id=CVE-2020-7517
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials. CWE-312: Se presenta una vulnerabilidad en Almacenamiento de Información Confidencial en Texto sin Cifrar en Easergy Builder (Versión 1.4.7.2 y anteriores) que podría permitir a un atacante leer las credenciales de los usuarios • https://www.se.com/ww/en/download/document/SEVD-2020-161-05 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7516
https://notcve.org/view.php?id=CVE-2020-7516
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials. CWE-316: Se presenta una vulnerabilidad de Almacenamiento de Información Confidencial en la Memoria en Texto sin Cifrar en Easergy Builder versión 1.4.7.2 y anteriores que podría permitir a un atacante acceder a las credenciales de inicio de sesión • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05 • CWE-312: Cleartext Storage of Sensitive Information •