Details of VAR-202006-1535

ID

VAR-202006-1535

CVE

CVE-2020-7504

TITLE

Schneider Electric Easergy T300 input validation error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-21472 // CNNVD: CNNVD-202006-1091

DESCRIPTION

A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent. Easergy T300 There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Schneider Electric Easergy T300 is a remote terminal unit used in the electric power industry from Schneider Electric in France

Trust: 2.16

sources: NVD: CVE-2020-7504 // JVNDB: JVNDB-2020-006651 // CNVD: CNVD-2021-21472

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-21472

AFFECTED PRODUCTS

vendor:	schneider electric	model:	easergy t300	scope:	lte	version:	1.5.2	Trust: 1.0
vendor:	schneider electric	model:	easergy t300	scope:	eq	version:	1.5.2	Trust: 0.8
vendor:	schneider	model:	electric easergy t300	scope:	lte	version:	<=1.5.2	Trust: 0.6

sources: CNVD: CNVD-2021-21472 // JVNDB: JVNDB-2020-006651 // NVD: CVE-2020-7504

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7504
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-006651
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-21472
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-1091
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-7504
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006651
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-21472
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-7504
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006651
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-21472 // JVNDB: JVNDB-2020-006651 // CNNVD: CNNVD-202006-1091 // NVD: CVE-2020-7504

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-006651 // NVD: CVE-2020-7504

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1091

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-1091

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006651

PATCH

title:	SEVD-2020-161-04	url:	https://www.se.com/ww/en/download/document/SEVD-2020-161-04	Trust: 0.8
title:	Patch for Schneider Electric Easergy T300 input validation error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/254386	Trust: 0.6
title:	Schneider Electric Easergy T300 Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121936	Trust: 0.6

sources: CNVD: CNVD-2021-21472 // JVNDB: JVNDB-2020-006651 // CNNVD: CNNVD-202006-1091

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7504	Trust: 3.0
db:	SCHNEIDER	id:	SEVD-2020-161-04	Trust: 1.6
db:	JVNDB	id:	JVNDB-2020-006651	Trust: 0.8
db:	CNVD	id:	CNVD-2021-21472	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1091	Trust: 0.6

sources: CNVD: CNVD-2021-21472 // JVNDB: JVNDB-2020-006651 // CNNVD: CNNVD-202006-1091 // NVD: CVE-2020-7504

REFERENCES

url:	https://www.se.com/ww/en/download/document/sevd-2020-161-04	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7504	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7504	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7504\	Trust: 0.8

sources: CNVD: CNVD-2021-21472 // JVNDB: JVNDB-2020-006651 // CNNVD: CNNVD-202006-1091 // NVD: CVE-2020-7504

SOURCES

db:	CNVD	id:	CNVD-2021-21472
db:	JVNDB	id:	JVNDB-2020-006651
db:	CNNVD	id:	CNNVD-202006-1091
db:	NVD	id:	CVE-2020-7504

LAST UPDATE DATE

2024-11-23T21:59:10.654000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-21472	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-006651	date:	2020-07-14T00:00:00
db:	CNNVD	id:	CNNVD-202006-1091	date:	2020-06-18T00:00:00
db:	NVD	id:	CVE-2020-7504	date:	2024-11-21T05:37:16.440

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-21472	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-006651	date:	2020-07-14T00:00:00
db:	CNNVD	id:	CNNVD-202006-1091	date:	2020-06-16T00:00:00
db:	NVD	id:	CVE-2020-7504	date:	2020-06-16T20:15:15.207