Improper Input Validation in Easergy Builder by Schneider Electric
CVE-2020-7518

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Easergy Builder (version 1.4.7.2 And Older)
Vendor: CVE Published:; 23 July 2020

Summary

An improper input validation vulnerability in Easergy Builder allows an attacker to potentially alter project configuration files, leading to unauthorized changes and security risks. This vulnerability primarily affects Easergy Builder versions up to 1.4.7.2, emphasizing the need for immediate attention and remediation to safeguard against potential exploitation.

Affected Version(s)

Easergy Builder (Version 1.4.7.2 and older) Easergy Builder (Version 1.4.7.2 and older)

References

https://www.se.com/ww/en/download/document/SEVD-2020-161-05

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2020
Vulnerability Reserved
Jan 21, 2020