CVE-2020-7483

Published: Apr 16, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.

Affected (1)

Products: Schneider Electric: Tristation 1131

Schneider Electric

1 product

Tristation 1131

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Schneider Electric Tristation 1131	From 1.0 to 4.12.0

Running on/with	Platform Versions
Microsoft Windows 7	All versions
Microsoft Windows Nt	All versions
Microsoft Windows Xp	All versions

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01

Source: cybersecurity@se.com

Third Party AdvisoryUS Government Resource

https://www.se.com/ww/en/download/document/SESB-2020-105-01

Source: cybersecurity@se.com

Vendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.se.com/ww/en/download/document/SESB-2020-105-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.