← Back

CVE-2020-7548

nvd nist
Published: Dec 1, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login.

Affected (7)

Schneider Electric
7 products
Acti9 Smartlink Si D Firmware
Acti9 Smartlink Si B Firmware
Acti9 Powertag Link Firmware
Acti9 Powertag Link Hd Firmware
Acti9 Smartlink El B Firmware
Wiser Link Firmware
Wiser Energy Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Acti9 Smartlink Si D Firmware
Before 002.004.002
Running on/withPlatform Versions
Schneider Electric
Acti9 Smartlink Si D
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Acti9 Smartlink Si B Firmware
Before 002.004.002
Running on/withPlatform Versions
Schneider Electric
Acti9 Smartlink Si B
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Acti9 Powertag Link Firmware
Before 001.008.007
Running on/withPlatform Versions
Schneider Electric
Acti9 Powertag Link
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Acti9 Powertag Link Hd Firmware
Before 001.008.007
Running on/withPlatform Versions
Schneider Electric
Acti9 Powertag Link Hd
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Acti9 Smartlink El B Firmware
Before 1.2.1
Running on/withPlatform Versions
Schneider Electric
Acti9 Smartlink El B
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wiser Link Firmware
Before 1.5.0
Running on/withPlatform Versions
Schneider Electric
Wiser Link
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wiser Energy Firmware
Before 1.5.0
Running on/withPlatform Versions
Schneider Electric
Wiser Energy
All versions

Related CWEs

CWE-330
Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References (2)

Source: cybersecurity@se.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.