Details of VAR-202006-1544

ID

VAR-202006-1544

CVE

CVE-2020-7513

TITLE

Schneider Electric Easergy T300 information disclosure vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-21481 // CNNVD: CNNVD-202006-1114

DESCRIPTION

A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data. Easergy T300 There is a vulnerability in plaintext storage of important information.Information may be obtained. Schneider Electric Easergy T300 is a remote terminal unit used in the electric power industry from Schneider Electric in France

Trust: 2.16

sources: NVD: CVE-2020-7513 // JVNDB: JVNDB-2020-006638 // CNVD: CNVD-2021-21481

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-21481

AFFECTED PRODUCTS

vendor:	schneider electric	model:	easergy t300	scope:	lte	version:	1.5.2	Trust: 1.0
vendor:	schneider electric	model:	easergy t300	scope:	eq	version:	1.5.2	Trust: 0.8
vendor:	schneider	model:	electric easergy t300	scope:	lte	version:	<=1.5.2	Trust: 0.6

sources: CNVD: CNVD-2021-21481 // JVNDB: JVNDB-2020-006638 // NVD: CVE-2020-7513

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7513
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006638
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-21481
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-1114
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-7513
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006638
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-21481
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-7513
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006638
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-21481 // JVNDB: JVNDB-2020-006638 // CNNVD: CNNVD-202006-1114 // NVD: CVE-2020-7513

PROBLEMTYPE DATA

problemtype:

CWE-312

Trust: 1.8

sources: JVNDB: JVNDB-2020-006638 // NVD: CVE-2020-7513

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1114

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202006-1114

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006638

PATCH

title:	SEVD-2020-161-04	url:	https://www.se.com/ww/en/download/document/SEVD-2020-161-04	Trust: 0.8
title:	Patch for Schneider Electric Easergy T300 information disclosure vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/254341	Trust: 0.6
title:	Schneider Electric Easergy T300 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121958	Trust: 0.6

sources: CNVD: CNVD-2021-21481 // JVNDB: JVNDB-2020-006638 // CNNVD: CNNVD-202006-1114

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7513	Trust: 3.0
db:	SCHNEIDER	id:	SEVD-2020-161-04	Trust: 1.6
db:	JVNDB	id:	JVNDB-2020-006638	Trust: 0.8
db:	CNVD	id:	CNVD-2021-21481	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1114	Trust: 0.6

sources: CNVD: CNVD-2021-21481 // JVNDB: JVNDB-2020-006638 // CNNVD: CNNVD-202006-1114 // NVD: CVE-2020-7513

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-7513	Trust: 2.0
url:	https://www.se.com/ww/en/download/document/sevd-2020-161-04	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7513	Trust: 0.8

sources: CNVD: CNVD-2021-21481 // JVNDB: JVNDB-2020-006638 // CNNVD: CNNVD-202006-1114 // NVD: CVE-2020-7513

SOURCES

db:	CNVD	id:	CNVD-2021-21481
db:	JVNDB	id:	JVNDB-2020-006638
db:	CNNVD	id:	CNNVD-202006-1114
db:	NVD	id:	CVE-2020-7513

LAST UPDATE DATE

2024-11-23T21:59:10.731000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-21481	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-006638	date:	2020-07-14T00:00:00
db:	CNNVD	id:	CNNVD-202006-1114	date:	2020-06-18T00:00:00
db:	NVD	id:	CVE-2020-7513	date:	2024-11-21T05:37:17.443

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-21481	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-006638	date:	2020-07-14T00:00:00
db:	CNNVD	id:	CNNVD-202006-1114	date:	2020-06-16T00:00:00
db:	NVD	id:	CVE-2020-7513	date:	2020-06-16T20:15:15.973