ID

VAR-202011-1296


CVE

CVE-2020-7561


TITLE

Access control vulnerabilities in Easergy T300

Trust: 0.8

sources: JVNDB: JVNDB-2020-013840

DESCRIPTION

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution, when access to a resource by an attacker is not restricted or is incorrectly restricted. There is an access control vulnerability in Easergy T300. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Easergy T300 is a new generation of intelligent terminal for distribution network automation; adhering to the "modularity, flexibility, application-oriented" design concept, it can be widely used in medium-voltage distribution network management, fault location, isolation and recovery (FLISR), distributed energy integration Internet, energy growth and asset management. Easergy T300 2.7 and earlier versions have improper access control vulnerabilities.

Trust: 2.16

sources: NVD: CVE-2020-7561 // JVNDB: JVNDB-2020-013840 // CNVD: CNVD-2021-28290

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-28290

AFFECTED PRODUCTS

vendor: schneider electric, model: easergy t300, scope: lte, version: 2.7

Trust: 1.0

vendor: schneider electric, model: easergy t300, scope: eq, version: -

Trust: 0.8

vendor: schneider electric, model: easergy t300, scope: lte, version: easergy t300 firmware 2.7 and earlier

Trust: 0.8

vendor: schneider, model: electric easergy t300, scope: lte, version: <=2.7

Trust: 0.6

sources: CNVD: CNVD-2021-28290 // JVNDB: JVNDB-2020-013840 // NVD: CVE-2020-7561

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7561
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-7561
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-28290
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202011-1671
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-7561
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-28290
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7561
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-7561
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-28290 // JVNDB: JVNDB-2020-013840 // CNNVD: CNNVD-202011-1671 // NVD: CVE-2020-7561

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-306

Trust: 1.0

problemtype:Inappropriate access control (CWE-284) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-013840 // NVD: CVE-2020-7561

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1671

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202011-1671

PATCH

title: SEVD-2020-315-06, url: https://www.se.com/ww/en/download/document/SEVD-2020-315-06/

Trust: 0.8

title: Patch for Schneider Electric Easergy T300 Improper Access Control Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/254011

Trust: 0.6

title: Schneider Electric Easergy T300 Fixes for access control error vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=135780

Trust: 0.6

sources: CNVD: CNVD-2021-28290 // JVNDB: JVNDB-2020-013840 // CNNVD: CNNVD-202011-1671

EXTERNAL IDS

db: NVD, id: CVE-2020-7561

Trust: 3.0

db: ICS CERT, id: ICSA-20-343-03

Trust: 2.4

db: SCHNEIDER, id: SEVD-2020-315-06

Trust: 1.6

db: JVN, id: JVNVU91936841

Trust: 0.8

db: JVNDB, id: JVNDB-2020-013840

Trust: 0.8

db: CNVD, id: CNVD-2021-28290

Trust: 0.6

db: AUSCERT, id: ESB-2020.4360

Trust: 0.6

db: CNNVD, id: CNNVD-202011-1671

Trust: 0.6

sources: CNVD: CNVD-2021-28290 // JVNDB: JVNDB-2020-013840 // CNNVD: CNNVD-202011-1671 // NVD: CVE-2020-7561

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2020-7561

Trust: 2.0

url:https://www.se.com/ww/en/download/document/sevd-2020-315-06/

Trust: 1.6

url:https://jvn.jp/vu/jvnvu91936841/

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.4360/

Trust: 0.6

sources: CNVD: CNVD-2021-28290 // JVNDB: JVNDB-2020-013840 // CNNVD: CNNVD-202011-1671 // NVD: CVE-2020-7561

SOURCES

db: CNVD, id: CNVD-2021-28290
db: JVNDB, id: JVNDB-2020-013840
db: CNNVD, id: CNNVD-202011-1671
db: NVD, id: CVE-2020-7561

LAST UPDATE DATE

2024-11-23T21:58:53.421000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-28290, date: 2021-04-15T00:00:00
db: JVNDB, id: JVNDB-2020-013840, date: 2021-07-14T03:23:00
db: CNNVD, id: CNNVD-202011-1671, date: 2022-10-31T00:00:00
db: NVD, id: CVE-2020-7561, date: 2024-11-21T05:37:22.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-28290, date: 2021-03-22T00:00:00
db: JVNDB, id: JVNDB-2020-013840, date: 2021-07-14T00:00:00
db: CNNVD, id: CNNVD-202011-1671, date: 2020-11-19T00:00:00
db: NVD, id: CVE-2020-7561, date: 2020-11-19T22:15:14.880