CVE-2020-7506

Published: Jun 16, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure.

Affected (1)

Products: Schneider Electric: Easergy T300 Firmware

Schneider Electric

1 product

Easergy T300 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Easergy T300 Firmware	Up to 1.5.2

Running on/with	Platform Versions
Schneider Electric Easergy T300	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-04

Source: cybersecurity@se.com

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-04

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.