Schneider-Electric: >> Easergy Builder >> 1.4.7.2 Security Vulnerabilities
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-07-23
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-07-23
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-07-23
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials.
CVSS Score
5.5
EPSS Score
0.0
Published
2020-07-23
A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-07-23
A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-07-23