Denial of Service Vulnerability in Schneider Electric's TriStation Software
CVE-2020-7484

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Tristation Ts1131 (v4.0.0 To V4.9.0, V4.10.0)
Vendor: CVE Published:; 15 April 2020

Summary

The vulnerability within Schneider Electric's TriStation software arises when users fail to adhere to documented guidelines related to dedicated TriStation connections and key-switch protection. This oversight could potentially lead to a denial of service. It should be noted that this vulnerability was addressed in versions 4.9.1 and 4.10.1, which are free of the said issue. Therefore, organizations utilizing supported versions of TriStation are safeguarded against this risk.

Affected Version(s)

TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0) TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)

References

https://www.se.com/ww/en/download/document/SESB-2020-105-01

x_refsource_MISC

https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Jan 21, 2020