Details of VAR-202012-0816

ID

VAR-202012-0816

CVE

CVE-2020-28216

TITLE

Easergy T300 Vulnerability regarding lack of encryption of critical data in

Trust: 0.8

sources: JVNDB: JVNDB-2020-014344

DESCRIPTION

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. Easergy T300 There is a vulnerability in the lack of encryption of critical data.Information may be obtained. Easergy T300 is a new generation of distribution network automation intelligent terminal, adhering to the "modularity, flexibility, application-oriented" design concept, can be widely used in medium voltage distribution network management, fault location, isolation and recovery (FLISR), distributed energy integration Internet, energy growth and asset management. Easergy T300 2.7 and earlier versions have security vulnerabilities

Trust: 2.16

sources: NVD: CVE-2020-28216 // JVNDB: JVNDB-2020-014344 // CNVD: CNVD-2021-19764

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-19764

AFFECTED PRODUCTS

vendor:	schneider electric	model:	easergy t300	scope:	lte	version:	2.7	Trust: 1.0
vendor:	schneider electric	model:	easergy t300	scope:	lte	version:	easergy t300 firmware 2.7 and earlier	Trust: 0.8
vendor:	schneider electric	model:	easergy t300	scope:	eq	version:	-	Trust: 0.8
vendor:	schneider	model:	electric easergy t300	scope:	lte	version:	<=2.7	Trust: 0.6

sources: CNVD: CNVD-2021-19764 // JVNDB: JVNDB-2020-014344 // NVD: CVE-2020-28216

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-28216
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-28216
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-19764
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202012-727
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-28216
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-19764
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-28216
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-28216
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-19764 // JVNDB: JVNDB-2020-014344 // CNNVD: CNNVD-202012-727 // NVD: CVE-2020-28216

PROBLEMTYPE DATA

problemtype:	CWE-311	Trust: 1.0
problemtype:	Lack of encryption of critical data (CWE-311) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014344 // NVD: CVE-2020-28216

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-727

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-727

PATCH

title:	SEVD-2020-315-06	url:	https://www.se.com/ww/en/download/document/SEVD-2020-315-06/	Trust: 0.8
title:	Patch for Schneider Electric Easergy T300 has unspecified vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/254001	Trust: 0.6
title:	Schneider Electric Easergy T300 Repair measures for other vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136860	Trust: 0.6

sources: CNVD: CNVD-2021-19764 // JVNDB: JVNDB-2020-014344 // CNNVD: CNNVD-202012-727

EXTERNAL IDS

db:	NVD	id:	CVE-2020-28216	Trust: 3.0
db:	ICS CERT	id:	ICSA-20-343-03	Trust: 3.0
db:	SCHNEIDER	id:	SEVD-2020-315-06	Trust: 1.6
db:	JVN	id:	JVNVU91936841	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-014344	Trust: 0.8
db:	CNVD	id:	CNVD-2021-19764	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4360	Trust: 0.6
db:	CNNVD	id:	CNNVD-202012-727	Trust: 0.6

sources: CNVD: CNVD-2021-19764 // JVNDB: JVNDB-2020-014344 // CNNVD: CNNVD-202012-727 // NVD: CVE-2020-28216

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03	Trust: 3.6
url:	https://www.se.com/ww/en/download/document/sevd-2020-315-06/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28216	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu91936841/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.4360/	Trust: 0.6

sources: CNVD: CNVD-2021-19764 // JVNDB: JVNDB-2020-014344 // CNNVD: CNNVD-202012-727 // NVD: CVE-2020-28216

SOURCES

db:	CNVD	id:	CNVD-2021-19764
db:	JVNDB	id:	JVNDB-2020-014344
db:	CNNVD	id:	CNNVD-202012-727
db:	NVD	id:	CVE-2020-28216

LAST UPDATE DATE

2024-11-23T21:58:53.508000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-19764	date:	2021-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-014344	date:	2021-08-13T09:04:00
db:	CNNVD	id:	CNNVD-202012-727	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-28216	date:	2024-11-21T05:22:29.490

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-19764	date:	2021-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-014344	date:	2021-08-13T00:00:00
db:	CNNVD	id:	CNNVD-202012-727	date:	2020-12-08T00:00:00
db:	NVD	id:	CVE-2020-28216	date:	2020-12-11T01:15:11.627