Details of VAR-202006-1542

ID

VAR-202006-1542

CVE

CVE-2020-7511

TITLE

Easergy T300 Vulnerability in using cryptographic algorithms in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006637

DESCRIPTION

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force. Easergy T300 Is vulnerable to the use of cryptographic algorithms.Information may be obtained. Schneider Electric Easergy T300 is a remote terminal unit used in the electric power industry from Schneider Electric in France. There is an encryption vulnerability in Schneider Electric Easergy T300 using firmware version 1.5.2 and earlier. The vulnerability is due to the weak encryption algorithm used by the program

Trust: 2.16

sources: NVD: CVE-2020-7511 // JVNDB: JVNDB-2020-006637 // CNVD: CNVD-2021-21479

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-21479

AFFECTED PRODUCTS

vendor:	schneider electric	model:	easergy t300	scope:	lte	version:	1.5.2	Trust: 1.0
vendor:	schneider electric	model:	easergy t300	scope:	eq	version:	1.5.2	Trust: 0.8
vendor:	schneider	model:	electric easergy t300	scope:	lte	version:	<=1.5.2	Trust: 0.6

sources: CNVD: CNVD-2021-21479 // JVNDB: JVNDB-2020-006637 // NVD: CVE-2020-7511

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7511
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006637
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-21479
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-1109
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-7511
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006637
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-21479
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-7511
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006637
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-21479 // JVNDB: JVNDB-2020-006637 // CNNVD: CNNVD-202006-1109 // NVD: CVE-2020-7511

PROBLEMTYPE DATA

problemtype:

CWE-327

Trust: 1.8

sources: JVNDB: JVNDB-2020-006637 // NVD: CVE-2020-7511

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1109

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1109

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006637

PATCH

title:	SEVD-2020-161-04	url:	https://www.se.com/ww/en/download/document/SEVD-2020-161-04	Trust: 0.8
title:	Patch for Schneider Electric Easergy T300 encryption issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/254351	Trust: 0.6
title:	Schneider Electric Easergy T300 Fixes for encryption problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121954	Trust: 0.6

sources: CNVD: CNVD-2021-21479 // JVNDB: JVNDB-2020-006637 // CNNVD: CNNVD-202006-1109

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7511	Trust: 3.0
db:	SCHNEIDER	id:	SEVD-2020-161-04	Trust: 1.6
db:	JVNDB	id:	JVNDB-2020-006637	Trust: 0.8
db:	CNVD	id:	CNVD-2021-21479	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1109	Trust: 0.6

sources: CNVD: CNVD-2021-21479 // JVNDB: JVNDB-2020-006637 // CNNVD: CNNVD-202006-1109 // NVD: CVE-2020-7511

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-7511	Trust: 2.0
url:	https://www.se.com/ww/en/download/document/sevd-2020-161-04	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7511	Trust: 0.8

sources: CNVD: CNVD-2021-21479 // JVNDB: JVNDB-2020-006637 // CNNVD: CNNVD-202006-1109 // NVD: CVE-2020-7511

SOURCES

db:	CNVD	id:	CNVD-2021-21479
db:	JVNDB	id:	JVNDB-2020-006637
db:	CNNVD	id:	CNNVD-202006-1109
db:	NVD	id:	CVE-2020-7511

LAST UPDATE DATE

2024-11-23T21:59:10.680000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-21479	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-006637	date:	2020-07-14T00:00:00
db:	CNNVD	id:	CNNVD-202006-1109	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2020-7511	date:	2024-11-21T05:37:17.217

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-21479	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-006637	date:	2020-07-14T00:00:00
db:	CNNVD	id:	CNNVD-202006-1109	date:	2020-06-16T00:00:00
db:	NVD	id:	CVE-2020-7511	date:	2020-06-16T20:15:15.770