Easergy Builder
CVE-2020-7514
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access.
AnalysisAI
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-327. A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access. Affected products include: Schneider-Electric Easergy Builder. Version information: Version 1.4.7.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Easergy Builder
View allA CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and pri
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and
A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could al
A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allo
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today