CVE-2020-7506

{"id": "CVE-2020-7506", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-06-16T20:15:15.380", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-04", "source": "cybersecurity@se.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure."}, {"lang": "es", "value": "Una CWE-538: Se presenta una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n de Archivos y Directorios en Easergy T300 versiones de Firmware 1.5.2 y anteriores, que podr\u00eda permitir a un atacante paquetizar o despaquetizar el archivo con el firmware para el controlador y m\u00f3dulos utilizando el archivador tar habitual, resultando en una exposici\u00f3n de informaci\u00f3n"}], "lastModified": "2021-06-11T18:15:13.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBB5E3FB-9929-419B-A92F-7D0AD3CEC5FE", "versionEndIncluding": "1.5.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "45E6C3FA-001D-449A-A512-327FA0C9AC5A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}