// For flags

CVE-2020-7493

Schneider Electric EcoStruxure Operator Terminal Expert VXDZ File Parsing Directory Traversal Remote Code Execution Vulnerability

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.

Una CWE-89: Una vulnerabilidad de Neutralización Inapropiada de Elementos Especiales utilizados en un Comando SQL ("SQL Injection) en EcoStruxure Operator Terminal Expert versiones 3.1 Service Pack 1 y anteriores (anteriormente conocido como Vijeo XD) que podría causar una ejecución de código malicioso cuando se abre el archivo del proyecto

The vulnerablity allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of VXDZ files. When parsing the parameters to load_extension the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process.

*Credits: Steven Seeley and Chris Anastasio of Incite Team
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-21 CVE Reserved
  • 2020-05-14 CVE Published
  • 2024-03-03 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://www.se.com/ww/en/download/document/SEVD-2020-133-04 2020-06-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Schneider-electric
Search vendor "Schneider-electric"
 Ecostruxure Operator Terminal Expert
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert"
 <= 3.0
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert" and version " <= 3.0"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Ecostruxure Operator Terminal Expert
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert"
 3.1
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert" and version "3.1"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Ecostruxure Operator Terminal Expert
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert"
 3.1
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert" and version "3.1"
sp1
Affected