ID

VAR-202006-1536


CVE

CVE-2020-7505


TITLE

Easergy T300 Vulnerability regarding incomplete integrity verification of downloaded code in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006652

DESCRIPTION

A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system. Easergy T300 contains a vulnerability related to incomplete integrity verification of downloaded code. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Schneider Electric Easergy T300 is a remote terminal unit used in the electric power industry from Schneider Electric in France. There is a security vulnerability in Schneider Electric Easergy T300 that uses firmware version 1.5.2 and earlier. The vulnerability is caused by the program not checking the integrity of the code when downloading the code. Arbitrary code

Trust: 2.16

sources: NVD: CVE-2020-7505 // JVNDB: JVNDB-2020-006652 // CNVD: CNVD-2021-21473

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-21473

AFFECTED PRODUCTS

vendor: schneider electric
model: easergy t300
scope: lte
version: 1.5.2

Trust: 1.0

vendor: schneider electric
model: easergy t300
scope: eq
version: 1.5.2

Trust: 0.8

vendor: schneider
model: electric easergy t300
scope: lte
version: <=1.5.2

Trust: 0.6

sources: CNVD: CNVD-2021-21473 // JVNDB: JVNDB-2020-006652 // NVD: CVE-2020-7505

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7505
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006652
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-21473
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202006-1094
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-7505
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006652
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-21473
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7505
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006652
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-21473 // JVNDB: JVNDB-2020-006652 // CNNVD: CNNVD-202006-1094 // NVD: CVE-2020-7505

PROBLEMTYPE DATA

problemtype:CWE-494

Trust: 1.8

sources: JVNDB: JVNDB-2020-006652 // NVD: CVE-2020-7505

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1094

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1094

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006652

PATCH

title: SEVD-2020-161-04
url: https://www.se.com/ww/en/download/document/SEVD-2020-161-04

Trust: 0.8

title: Patch for Schneider Electric Easergy T300 has an unspecified vulnerability (CNVD-2021-21473)
url: https://www.cnvd.org.cn/patchInfo/show/254381

Trust: 0.6

title: Schneider Electric Easergy T300 Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121939

Trust: 0.6

sources: CNVD: CNVD-2021-21473 // JVNDB: JVNDB-2020-006652 // CNNVD: CNNVD-202006-1094

EXTERNAL IDS

db: NVD
id: CVE-2020-7505

Trust: 3.0

db: SCHNEIDER
id: SEVD-2020-161-04

Trust: 1.6

db: JVNDB
id: JVNDB-2020-006652

Trust: 0.8

db: CNVD
id: CNVD-2021-21473

Trust: 0.6

db: CNNVD
id: CNNVD-202006-1094

Trust: 0.6

sources: CNVD: CNVD-2021-21473 // JVNDB: JVNDB-2020-006652 // CNNVD: CNNVD-202006-1094 // NVD: CVE-2020-7505

REFERENCES

url: https://www.se.com/ww/en/download/document/sevd-2020-161-04

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-7505

Trust: 1.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7505

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-7505\

Trust: 0.8

sources: CNVD: CNVD-2021-21473 // JVNDB: JVNDB-2020-006652 // CNNVD: CNNVD-202006-1094 // NVD: CVE-2020-7505

SOURCES

db: CNVD, id: CNVD-2021-21473
db: JVNDB, id: JVNDB-2020-006652
db: CNNVD, id: CNNVD-202006-1094
db: NVD, id: CVE-2020-7505

LAST UPDATE DATE

2024-11-23T21:59:10.569000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-21473, date: 2021-03-23T00:00:00
db: JVNDB, id: JVNDB-2020-006652, date: 2020-07-14T00:00:00
db: CNNVD, id: CNNVD-202006-1094, date: 2020-06-18T00:00:00
db: NVD, id: CVE-2020-7505, date: 2024-11-21T05:37:16.543

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-21473, date: 2021-03-23T00:00:00
db: JVNDB, id: JVNDB-2020-006652, date: 2020-07-14T00:00:00
db: CNNVD, id: CNNVD-202006-1094, date: 2020-06-16T00:00:00
db: NVD, id: CVE-2020-7505, date: 2020-06-16T20:15:15.287