Details of VAR-202006-1543

ID

VAR-202006-1543

CVE

CVE-2020-7512

TITLE

Easergy T300 Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006774

DESCRIPTION

A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component. Easergy T300 There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Schneider Electric Easergy T300 is a remote terminal unit used in the electric power industry from Schneider Electric in France

Trust: 2.16

sources: NVD: CVE-2020-7512 // JVNDB: JVNDB-2020-006774 // CNVD: CNVD-2021-21480

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-21480

AFFECTED PRODUCTS

vendor:	schneider electric	model:	easergy t300	scope:	lte	version:	1.5.2	Trust: 1.0
vendor:	schneider electric	model:	easergy t300	scope:	eq	version:	1.5.2	Trust: 0.8
vendor:	schneider	model:	electric easergy t300	scope:	lte	version:	<=1.5.2	Trust: 0.6

sources: CNVD: CNVD-2021-21480 // JVNDB: JVNDB-2020-006774 // NVD: CVE-2020-7512

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7512
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-006774
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2021-21480
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202006-1112
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2020-7512
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006774
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-21480
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-7512
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006774
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-21480 // JVNDB: JVNDB-2020-006774 // CNNVD: CNNVD-202006-1112 // NVD: CVE-2020-7512

PROBLEMTYPE DATA

problemtype:	CWE-1103	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2020-006774 // NVD: CVE-2020-7512

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1112

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1112

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006774

PATCH

title:	SEVD-2020-161-04	url:	https://www.se.com/ww/en/download/document/SEVD-2020-161-04	Trust: 0.8
title:	Patch for Schneider Electric Easergy T300 has an unspecified vulnerability (CNVD-2021-21480)	url:	https://www.cnvd.org.cn/patchInfo/show/254346	Trust: 0.6
title:	Schneider Electric Easergy T300 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121759	Trust: 0.6

sources: CNVD: CNVD-2021-21480 // JVNDB: JVNDB-2020-006774 // CNNVD: CNNVD-202006-1112

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7512	Trust: 3.0
db:	SCHNEIDER	id:	SEVD-2020-161-04	Trust: 1.6
db:	JVNDB	id:	JVNDB-2020-006774	Trust: 0.8
db:	CNVD	id:	CNVD-2021-21480	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1112	Trust: 0.6

sources: CNVD: CNVD-2021-21480 // JVNDB: JVNDB-2020-006774 // CNNVD: CNNVD-202006-1112 // NVD: CVE-2020-7512

REFERENCES

url:	https://www.se.com/ww/en/download/document/sevd-2020-161-04	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7512	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7512	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7512\	Trust: 0.8

sources: CNVD: CNVD-2021-21480 // JVNDB: JVNDB-2020-006774 // CNNVD: CNNVD-202006-1112 // NVD: CVE-2020-7512

SOURCES

db:	CNVD	id:	CNVD-2021-21480
db:	JVNDB	id:	JVNDB-2020-006774
db:	CNNVD	id:	CNNVD-202006-1112
db:	NVD	id:	CVE-2020-7512

LAST UPDATE DATE

2024-11-23T21:59:11.156000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-21480	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-006774	date:	2020-07-17T00:00:00
db:	CNNVD	id:	CNNVD-202006-1112	date:	2020-06-22T00:00:00
db:	NVD	id:	CVE-2020-7512	date:	2024-11-21T05:37:17.327

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-21480	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-006774	date:	2020-07-17T00:00:00
db:	CNNVD	id:	CNNVD-202006-1112	date:	2020-06-16T00:00:00
db:	NVD	id:	CVE-2020-7512	date:	2020-06-16T20:15:15.863