Vijeo Designer
CVE-2020-7501
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer.
AnalysisAI
A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer. Affected products include: Schneider-Electric Vijeo Designer.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.
More in Vijeo Designer
View allA CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Confi
access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries t
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of
A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Desig
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today