CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2020-7499
https://notcve.org/view.php?id=CVE-2020-7499
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes. Una CWE-863: Se presenta una vulnerabilidad de autorización incorrecta en U.motion Servers and Touch Panels (versiones afectadas listadas en la notificación de seguridad) que podrían causar un acceso no autorizado cuando un usuario poco privilegiado realiza cambios no autorizados • https://www.se.com/ww/en/download/document/SEVD-2020-133-03 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7498
https://notcve.org/view.php?id=CVE-2020-7498
A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file transfer service provided by the Modicon PLCs. This could result in various unintended results. Una CWE-798: Se presenta una vulnerabilidad de Uso de Credenciales Embebidas en Unity Loader and OS Loader Software (todas las versiones). • https://www.se.com/ww/en/download/document/SEVD-2020-161-02 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7497
https://notcve.org/view.php?id=CVE-2020-7497
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer starts. Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta en un Directorio Restringido ("Path Traversal") en EcoStruxure Operator Terminal Expert versiones 3.1 Service Pack 1 y anteriores (anteriormente conocido como Vijeo XD) que podría causar una ejecución arbitraria de la aplicación cuando se inicia la computadora • https://www.se.com/ww/en/download/document/SEVD-2020-133-04 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7492
https://notcve.org/view.php?id=CVE-2020-7492
A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded. CWE-521: Se presenta una vulnerabilidad de Requisitos de Contraseña Débiles en GP-Pro EX versiones V1.00 hasta V4.09.100, lo que podría causar el descubrimiento de la contraseña cuando el usuario ingresa la contraseña porque no está enmascarada • https://www.se.com/ww/en/download/document/SEVD-2020-133-01 • CWE-521: Weak Password Requirements •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7494 – Schneider Electric EcoStructure Operator Terminal Expert VXDZ Arbitrary Library Load Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-7494
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file. Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta en un Directorio Restringido ("Path Traversal") en EcoStruxure Operator Terminal Expert versiones 3.1 Service Pack 1 y anteriores (anteriormente conocido como Vijeo XD) que podría causar una ejecución de código malicioso cuando se abre el archivo del proyecto The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStructure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with the handling of VXDZ files. A crafted project file can allow the loading of an arbitrary DLL. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.se.com/ww/en/download/document/SEVD-2020-133-04 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •