ID

VAR-202012-0818


CVE

CVE-2020-28218


TITLE

Easergy T300 Vulnerability in Improper Restriction of Rendered User Interface Layers or Frames

Trust: 0.8

sources: JVNDB: JVNDB-2020-014346

DESCRIPTION

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older) that would allow an attacker to trick a user into initiating an unintended action. Easergy T300 is vulnerable to improper restriction of rendered user interface layers or frames. Information may be tampered with. Easergy T300 is a new-generation intelligent terminal for distribution network automation, built around a "modularity, flexibility, application-oriented" design concept; it can be widely used in medium-voltage distribution network management, fault location, isolation and recovery (FLISR), distributed energy integration Internet, energy growth and asset management. Easergy T300 2.7 and earlier versions improperly restrict the rendering of UI layers or frames. Attackers can use this vulnerability to induce users to initiate other actions.

Trust: 2.16

sources: NVD: CVE-2020-28218 // JVNDB: JVNDB-2020-014346 // CNVD: CNVD-2021-19762

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-19762

AFFECTED PRODUCTS

vendor: schneider electric, model: easergy t300, scope: lte, version: 2.7

Trust: 1.0

vendor: schneider electric, model: easergy t300, scope: lte, version: easergy t300 firmware 2.7 and earlier

Trust: 0.8

vendor: schneider electric, model: easergy t300, scope: eq, version: -

Trust: 0.8

vendor: schneider, model: electric easergy t300, scope: lte, version: <=2.7

Trust: 0.6

sources: CNVD: CNVD-2021-19762 // JVNDB: JVNDB-2020-014346 // NVD: CVE-2020-28218

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-28218
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-28218
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-19762
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202012-723
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-28218
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-19762
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-28218
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-28218
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-19762 // JVNDB: JVNDB-2020-014346 // CNNVD: CNNVD-202012-723 // NVD: CVE-2020-28218

PROBLEMTYPE DATA

problemtype:CWE-1021

Trust: 1.0

problemtype:Inappropriate restrictions on rendered user interface layers or frames (CWE-1021) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014346 // NVD: CVE-2020-28218

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-723

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-723

PATCH

title: SEVD-2020-315-06, url: https://www.se.com/ww/en/download/document/SEVD-2020-315-06/

Trust: 0.8

title: Patch for Schneider Electric Easergy T300 has an unspecified vulnerability (CNVD-2021-19762), url: https://www.cnvd.org.cn/patchInfo/show/253991

Trust: 0.6

title: Schneider Electric Easergy T300 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136856

Trust: 0.6

sources: CNVD: CNVD-2021-19762 // JVNDB: JVNDB-2020-014346 // CNNVD: CNNVD-202012-723

EXTERNAL IDS

db: NVD, id: CVE-2020-28218

Trust: 3.0

db: ICS CERT, id: ICSA-20-343-03

Trust: 3.0

db: SCHNEIDER, id: SEVD-2020-315-06

Trust: 1.6

db: JVN, id: JVNVU91936841

Trust: 0.8

db: JVNDB, id: JVNDB-2020-014346

Trust: 0.8

db: CNVD, id: CNVD-2021-19762

Trust: 0.6

db: AUSCERT, id: ESB-2020.4360

Trust: 0.6

db: CNNVD, id: CNNVD-202012-723

Trust: 0.6

sources: CNVD: CNVD-2021-19762 // JVNDB: JVNDB-2020-014346 // CNNVD: CNNVD-202012-723 // NVD: CVE-2020-28218

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03

Trust: 3.6

url:https://www.se.com/ww/en/download/document/sevd-2020-315-06/

Trust: 1.6

url:https://jvn.jp/vu/jvnvu91936841/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-28218

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.4360/

Trust: 0.6

sources: CNVD: CNVD-2021-19762 // JVNDB: JVNDB-2020-014346 // CNNVD: CNNVD-202012-723 // NVD: CVE-2020-28218

SOURCES

db: CNVD, id: CNVD-2021-19762
db: JVNDB, id: JVNDB-2020-014346
db: CNNVD, id: CNNVD-202012-723
db: NVD, id: CVE-2020-28218

LAST UPDATE DATE

2024-11-23T21:58:53.341000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-19762, date: 2021-03-22T00:00:00
db: JVNDB, id: JVNDB-2020-014346, date: 2021-08-13T09:04:00
db: CNNVD, id: CNNVD-202012-723, date: 2020-12-16T00:00:00
db: NVD, id: CVE-2020-28218, date: 2024-11-21T05:22:29.720

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-19762, date: 2021-03-22T00:00:00
db: JVNDB, id: JVNDB-2020-014346, date: 2021-08-13T00:00:00
db: CNNVD, id: CNNVD-202012-723, date: 2020-12-08T00:00:00
db: NVD, id: CVE-2020-28218, date: 2020-12-11T01:15:11.797