CVE-2020-7561

A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted.
References
Link Resource
https://www.se.com/ww/en/download/document/SEVD-2020-315-06/ Patch Product Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*

History

06 Aug 2022, 03:48

Type Values Removed Values Added
CWE CWE-284 CWE-306
References (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03 - (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03 - Third Party Advisory, US Government Resource

Information

Published : 2020-11-19 22:15

Updated : 2022-08-06 03:48


NVD link : CVE-2020-7561

Mitre link : CVE-2020-7561


JSON object : View

Products Affected

schneider-electric

  • easergy_t300_firmware
  • easergy_t300
CWE
CWE-306

Missing Authentication for Critical Function