ID

VAR-202012-0815


CVE

CVE-2020-28215


TITLE

Easergy T300 Lack of Authentication Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-014343

DESCRIPTION

A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older) that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution, when access control checks are not applied consistently. Easergy T300 is vulnerable to a lack of authentication. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Easergy T300 is a new-generation intelligent terminal for distribution network automation that follows a "modularity, flexibility, application-oriented" design concept and can be widely used in medium-voltage distribution network management, fault location, isolation and recovery (FLISR), distributed energy integration Internet, energy growth and asset management. Easergy T300 2.7 and earlier versions have improper access control vulnerabilities.

Trust: 2.16

sources: NVD: CVE-2020-28215 // JVNDB: JVNDB-2020-014343 // CNVD: CNVD-2021-19765

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-19765

AFFECTED PRODUCTS

vendor: schneider electric
model: easergy t300
scope: lte
version: 2.7

Trust: 1.0

vendor: schneider electric
model: easergy t300
scope: lte
version: easergy t300 firmware 2.7 and earlier

Trust: 0.8

vendor: schneider electric
model: easergy t300
scope: eq
version: -

Trust: 0.8

vendor: schneider
model: electric easergy t300
scope: lte
version: <=2.7

Trust: 0.6

sources: CNVD: CNVD-2021-19765 // JVNDB: JVNDB-2020-014343 // NVD: CVE-2020-28215

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-28215
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-28215
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-19765
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202012-728
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-28215
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-19765
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-28215
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-28215
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-19765 // JVNDB: JVNDB-2020-014343 // CNNVD: CNNVD-202012-728 // NVD: CVE-2020-28215

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.0

problemtype:Lack of authentication (CWE-862) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014343 // NVD: CVE-2020-28215

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-728

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-728

PATCH

title: SEVD-2020-315-06
url: https://www.se.com/ww/en/download/document/SEVD-2020-315-06/

Trust: 0.8

title: Patch for Schneider Electric Easergy T300 Access Control Improper Vulnerability (CNVD-2021-19765)
url: https://www.cnvd.org.cn/patchInfo/show/254006

Trust: 0.6

title: Schneider Electric Easergy T300 Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137261

Trust: 0.6

sources: CNVD: CNVD-2021-19765 // JVNDB: JVNDB-2020-014343 // CNNVD: CNNVD-202012-728

EXTERNAL IDS

db: ICS CERT
id: ICSA-20-343-03

Trust: 3.0

db: NVD
id: CVE-2020-28215

Trust: 3.0

db: SCHNEIDER
id: SEVD-2020-315-06

Trust: 1.6

db: JVN
id: JVNVU91936841

Trust: 0.8

db: JVNDB
id: JVNDB-2020-014343

Trust: 0.8

db: CNVD
id: CNVD-2021-19765

Trust: 0.6

db: AUSCERT
id: ESB-2020.4360

Trust: 0.6

db: CNNVD
id: CNNVD-202012-728

Trust: 0.6

sources: CNVD: CNVD-2021-19765 // JVNDB: JVNDB-2020-014343 // CNNVD: CNNVD-202012-728 // NVD: CVE-2020-28215

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03

Trust: 3.6

url:https://www.se.com/ww/en/download/document/sevd-2020-315-06/

Trust: 1.6

url:https://jvn.jp/vu/jvnvu91936841/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-28215

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.4360/

Trust: 0.6

sources: CNVD: CNVD-2021-19765 // JVNDB: JVNDB-2020-014343 // CNNVD: CNNVD-202012-728 // NVD: CVE-2020-28215

SOURCES

db: CNVD, id: CNVD-2021-19765
db: JVNDB, id: JVNDB-2020-014343
db: CNNVD, id: CNNVD-202012-728
db: NVD, id: CVE-2020-28215

LAST UPDATE DATE

2024-11-23T21:58:53.290000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-19765, date: 2021-03-22T00:00:00
db: JVNDB, id: JVNDB-2020-014343, date: 2021-08-13T09:04:00
db: CNNVD, id: CNNVD-202012-728, date: 2020-12-16T00:00:00
db: NVD, id: CVE-2020-28215, date: 2024-11-21T05:22:29.370

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-19765, date: 2021-03-22T00:00:00
db: JVNDB, id: JVNDB-2020-014343, date: 2021-08-13T00:00:00
db: CNNVD, id: CNNVD-202012-728, date: 2020-12-08T00:00:00
db: NVD, id: CVE-2020-28215, date: 2020-12-11T01:15:11.547