ID

VAR-202006-1539


CVE

CVE-2020-7508


TITLE

Easergy T300 Vulnerability regarding improper restriction of excessive authentication attempts in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006640

DESCRIPTION

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. Easergy T300 is vulnerable to improper restriction of excessive authentication attempts. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Schneider Electric Easergy T300 is a remote terminal unit used in the electric power industry, made by Schneider Electric of France. There is a security vulnerability in Schneider Electric Easergy T300 using firmware version 1.5.2 and earlier. This vulnerability stems from the program not restricting the number of authentication attempts.

Trust: 2.16

sources: NVD: CVE-2020-7508 // JVNDB: JVNDB-2020-006640 // CNVD: CNVD-2021-21476

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-21476

AFFECTED PRODUCTS

vendor: schneider electric, model: easergy t300, scope: lte, version: 1.5.2

Trust: 1.0

vendor: schneider electric, model: easergy t300, scope: eq, version: 1.5.2

Trust: 0.8

vendor: schneider, model: electric easergy t300, scope: lte, version: <=1.5.2

Trust: 0.6

sources: CNVD: CNVD-2021-21476 // JVNDB: JVNDB-2020-006640 // NVD: CVE-2020-7508

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7508
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-006640
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-21476
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-1102
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-7508
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006640
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-21476
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7508
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006640
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-21476 // JVNDB: JVNDB-2020-006640 // CNNVD: CNNVD-202006-1102 // NVD: CVE-2020-7508

PROBLEMTYPE DATA

problemtype: CWE-307

Trust: 1.8

sources: JVNDB: JVNDB-2020-006640 // NVD: CVE-2020-7508

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1102

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1102

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006640

PATCH

title: SEVD-2020-161-04, url: https://www.se.com/ww/en/download/document/SEVD-2020-161-04

Trust: 0.8

title: Patch for Schneider Electric Easergy T300 has an unspecified vulnerability (CNVD-2021-21476), url: https://www.cnvd.org.cn/patchInfo/show/254366

Trust: 0.6

title: Schneider Electric Easergy T300 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121947

Trust: 0.6

sources: CNVD: CNVD-2021-21476 // JVNDB: JVNDB-2020-006640 // CNNVD: CNNVD-202006-1102

EXTERNAL IDS

db: NVD, id: CVE-2020-7508

Trust: 3.0

db: SCHNEIDER, id: SEVD-2020-161-04

Trust: 1.6

db: JVNDB, id: JVNDB-2020-006640

Trust: 0.8

db: CNVD, id: CNVD-2021-21476

Trust: 0.6

db: CNNVD, id: CNNVD-202006-1102

Trust: 0.6

sources: CNVD: CNVD-2021-21476 // JVNDB: JVNDB-2020-006640 // CNNVD: CNNVD-202006-1102 // NVD: CVE-2020-7508

REFERENCES

url: https://www.se.com/ww/en/download/document/sevd-2020-161-04

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-7508

Trust: 1.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7508

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2020-7508

Trust: 0.8

sources: CNVD: CNVD-2021-21476 // JVNDB: JVNDB-2020-006640 // CNNVD: CNNVD-202006-1102 // NVD: CVE-2020-7508

SOURCES

db: CNVD, id: CNVD-2021-21476
db: JVNDB, id: JVNDB-2020-006640
db: CNNVD, id: CNNVD-202006-1102
db: NVD, id: CVE-2020-7508

LAST UPDATE DATE

2024-11-23T21:59:10.758000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-21476, date: 2021-03-23T00:00:00
db: JVNDB, id: JVNDB-2020-006640, date: 2020-07-14T00:00:00
db: CNNVD, id: CNNVD-202006-1102, date: 2020-06-18T00:00:00
db: NVD, id: CVE-2020-7508, date: 2024-11-21T05:37:16.890

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-21476, date: 2021-03-23T00:00:00
db: JVNDB, id: JVNDB-2020-006640, date: 2020-07-14T00:00:00
db: CNNVD, id: CNNVD-202006-1102, date: 2020-06-16T00:00:00
db: NVD, id: CVE-2020-7508, date: 2020-06-16T20:15:15.537