// For flags

CVE-2020-7494

Schneider Electric EcoStructure Operator Terminal Expert VXDZ Arbitrary Library Load Remote Code Execution Vulnerability

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.

Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta en un Directorio Restringido ("Path Traversal") en EcoStruxure Operator Terminal Expert versiones 3.1 Service Pack 1 y anteriores (anteriormente conocido como Vijeo XD) que podría causar una ejecución de código malicioso cuando se abre el archivo del proyecto

The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStructure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists with the handling of VXDZ files. A crafted project file can allow the loading of an arbitrary DLL. An attacker can leverage this vulnerability to execute code in the context of the current process.

*Credits: Sharon Brizinov, Amir Preminger of Claroty Research
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-21 CVE Reserved
  • 2020-05-14 CVE Published
  • 2024-03-03 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://www.se.com/ww/en/download/document/SEVD-2020-133-04 2020-06-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Schneider-electric
Search vendor "Schneider-electric"
 Ecostruxure Operator Terminal Expert
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert"
 <= 3.0
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert" and version " <= 3.0"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Ecostruxure Operator Terminal Expert
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert"
 3.1
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert" and version "3.1"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Ecostruxure Operator Terminal Expert
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert"
 3.1
Search vendor "Schneider-electric" for product "Ecostruxure Operator Terminal Expert" and version "3.1"
sp1
Affected