Improper Input Validation in Easergy T300 Firmware by Schneider Electric
CVE-2020-7504

5.3MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Easergy T300 (firmware Version 1.5.2 And Older)
Vendor: CVE Published:; 16 June 2020

Summary

An improper input validation vulnerability exists in Easergy T300 devices, specifically in firmware version 1.5.2 and earlier. This vulnerability can be exploited by attackers who send specially crafted network packets to the device. If successful, the attack could disable the webserver service, potentially disrupting normal operations and opening pathways for further attacks. Organizations using these devices should ensure that they have implemented appropriate security measures to mitigate potential risks.

Affected Version(s)

Easergy T300 (Firmware version 1.5.2 and older) Easergy T300 (Firmware version 1.5.2 and older)

References

https://www.se.com/ww/en/download/document/SEVD-2020-161-04

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2020
Vulnerability Reserved
Jan 21, 2020