Details of VAR-202006-1541

ID

VAR-202006-1541

CVE

CVE-2020-7510

TITLE

Easergy T300 Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006636

DESCRIPTION

A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys. Easergy T300 There is an information leakage vulnerability in.Information may be obtained. Schneider Electric Easergy T300 is a remote terminal unit used in the electric power industry from Schneider Electric in France

Trust: 2.16

sources: NVD: CVE-2020-7510 // JVNDB: JVNDB-2020-006636 // CNVD: CNVD-2021-21478

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-21478

AFFECTED PRODUCTS

vendor:	schneider electric	model:	easergy t300	scope:	lte	version:	1.5.2	Trust: 1.0
vendor:	schneider electric	model:	easergy t300	scope:	eq	version:	1.5.2	Trust: 0.8
vendor:	schneider	model:	electric easergy t300	scope:	lte	version:	<=1.5.2	Trust: 0.6

sources: CNVD: CNVD-2021-21478 // JVNDB: JVNDB-2020-006636 // NVD: CVE-2020-7510

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7510
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006636
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-21478
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-1106
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-7510
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006636
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-21478
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-7510
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006636
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-21478 // JVNDB: JVNDB-2020-006636 // CNNVD: CNNVD-202006-1106 // NVD: CVE-2020-7510

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2020-006636 // NVD: CVE-2020-7510

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1106

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202006-1106

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006636

PATCH

title:	SEVD-2020-161-04	url:	https://www.se.com/ww/en/download/document/SEVD-2020-161-04	Trust: 0.8
title:	Patch for Schneider Electric Easergy T300 information disclosure vulnerability (CNVD-2021-21478)	url:	https://www.cnvd.org.cn/patchInfo/show/254356	Trust: 0.6
title:	Schneider Electric Easergy T300 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121951	Trust: 0.6

sources: CNVD: CNVD-2021-21478 // JVNDB: JVNDB-2020-006636 // CNNVD: CNNVD-202006-1106

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7510	Trust: 3.0
db:	SCHNEIDER	id:	SEVD-2020-161-04	Trust: 1.6
db:	JVNDB	id:	JVNDB-2020-006636	Trust: 0.8
db:	CNVD	id:	CNVD-2021-21478	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1106	Trust: 0.6

sources: CNVD: CNVD-2021-21478 // JVNDB: JVNDB-2020-006636 // CNNVD: CNNVD-202006-1106 // NVD: CVE-2020-7510

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-7510	Trust: 2.0
url:	https://www.se.com/ww/en/download/document/sevd-2020-161-04	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7510	Trust: 0.8

sources: CNVD: CNVD-2021-21478 // JVNDB: JVNDB-2020-006636 // CNNVD: CNNVD-202006-1106 // NVD: CVE-2020-7510

SOURCES

db:	CNVD	id:	CNVD-2021-21478
db:	JVNDB	id:	JVNDB-2020-006636
db:	CNNVD	id:	CNNVD-202006-1106
db:	NVD	id:	CVE-2020-7510

LAST UPDATE DATE

2024-11-23T21:59:10.627000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-21478	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-006636	date:	2020-07-14T00:00:00
db:	CNNVD	id:	CNNVD-202006-1106	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2020-7510	date:	2024-11-21T05:37:17.103

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-21478	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-006636	date:	2020-07-14T00:00:00
db:	CNNVD	id:	CNNVD-202006-1106	date:	2020-06-16T00:00:00
db:	NVD	id:	CVE-2020-7510	date:	2020-06-16T20:15:15.693