Cleartext Storage Vulnerability in Easergy Builder by Schneider Electric
CVE-2020-7517

5.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Easergy Builder (version 1.4.7.2 And Older)
Vendor: CVE Published:; 23 July 2020

Summary

A vulnerability in the Easergy Builder software from Schneider Electric allows for the exposed storage of sensitive user credentials in cleartext. This flaw poses a risk, as attackers could exploit it to gain unauthorized access to user accounts, putting confidential data at risk. Users are encouraged to review their configurations and upgrade to the latest version to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Easergy Builder (Version 1.4.7.2 and older) Easergy Builder (Version 1.4.7.2 and older)

References

https://www.se.com/ww/en/download/document/SEVD-2020-161-05

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2020
Vulnerability Reserved
Jan 21, 2020