Sign-up

ID

VAR-202006-1537


CVE

CVE-2020-7506


TITLE

Easergy T300 Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006653

DESCRIPTION

A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure. Easergy T300 There is an information leakage vulnerability in.Information may be obtained. Schneider Electric Easergy T300 is a remote terminal unit used in the electric power industry from Schneider Electric in France

Trust: 2.25

sources: NVD: CVE-2020-7506 // JVNDB: JVNDB-2020-006653 // CNVD: CNVD-2021-21474 // VULMON: CVE-2020-7506

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-21474

AFFECTED PRODUCTS

vendor:schneider electricmodel:easergy t300scope:lteversion:1.5.2

Trust: 1.0

vendor:schneider electricmodel:easergy t300scope:eqversion:1.5.2

Trust: 0.8

vendor:schneidermodel:electric easergy t300scope:lteversion:<=1.5.2

Trust: 0.6

sources: CNVD: CNVD-2021-21474 // JVNDB: JVNDB-2020-006653 // NVD: CVE-2020-7506

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7506
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006653
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-21474
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-1098
value: HIGH

Trust: 0.6

VULMON: CVE-2020-7506
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-7506
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006653
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-21474
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7506
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006653
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-21474 // VULMON: CVE-2020-7506 // JVNDB: JVNDB-2020-006653 // CNNVD: CNNVD-202006-1098 // NVD: CVE-2020-7506

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2020-006653 // NVD: CVE-2020-7506

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1098

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202006-1098

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006653

PATCH
title:SEVD-2020-161-04url:https://www.se.com/ww/en/download/document/SEVD-2020-161-04
Trust: 0.8
title:Patch for Schneider Electric Easergy T300 information disclosure vulnerability (CNVD-2021-21474)url:https://www.cnvd.org.cn/patchInfo/show/254376
Trust: 0.6
title:Schneider Electric Easergy T300 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121943
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-21474 // 
            
            
            
            JVNDB: JVNDB-2020-006653 // 
            
            
            
            CNNVD: CNNVD-202006-1098

EXTERNAL IDS
db:NVDid:CVE-2020-7506
Trust: 3.1
db:SCHNEIDERid:SEVD-2020-161-04
Trust: 1.7
db:JVNDBid:JVNDB-2020-006653
Trust: 0.8
db:CNVDid:CNVD-2021-21474
Trust: 0.6
db:CNNVDid:CNNVD-202006-1098
Trust: 0.6
db:VULMONid:CVE-2020-7506
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-21474 // 
            
            
            
            VULMON: CVE-2020-7506 // 
            
            
            
            JVNDB: JVNDB-2020-006653 // 
            
            
            
            CNNVD: CNNVD-202006-1098 // 
            
            
            
            NVD: CVE-2020-7506

REFERENCES
url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2020-161-04
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-7506
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7506
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-7506\
Trust: 0.8
url:https://www.se.com/ww/en/download/document/sevd-2020-161-04
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-21474 // 
            
            
            
            VULMON: CVE-2020-7506 // 
            
            
            
            JVNDB: JVNDB-2020-006653 // 
            
            
            
            CNNVD: CNNVD-202006-1098 // 
            
            
            
            NVD: CVE-2020-7506

SOURCES
db:CNVDid:CNVD-2021-21474
db:VULMONid:CVE-2020-7506
db:JVNDBid:JVNDB-2020-006653
db:CNNVDid:CNNVD-202006-1098
db:NVDid:CVE-2020-7506

LAST UPDATE DATE
2024-11-23T21:59:10.597000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-21474date:2021-03-23T00:00:00
db:VULMONid:CVE-2020-7506date:2021-06-11T00:00:00
db:JVNDBid:JVNDB-2020-006653date:2020-07-14T00:00:00
db:CNNVDid:CNNVD-202006-1098date:2021-06-15T00:00:00
db:NVDid:CVE-2020-7506date:2024-11-21T05:37:16.650

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-21474date:2021-03-23T00:00:00
db:VULMONid:CVE-2020-7506date:2020-06-16T00:00:00
db:JVNDBid:JVNDB-2020-006653date:2020-07-14T00:00:00
db:CNNVDid:CNNVD-202006-1098date:2020-06-16T00:00:00
db:NVDid:CVE-2020-7506date:2020-06-16T20:15:15.380