Missing Authentication in Easergy T300 by Schneider Electric
CVE-2020-7561

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Easergy T300 With Firmware 2.7 And Older
Vendor: CVE Published:; 19 November 2020

Summary

A significant security vulnerability exists in the Easergy T300, specifically affecting firmware versions 2.7 and older. This flaw allows unauthorized users to access critical functionalities without proper authentication. As a result, attackers could potentially expose sensitive information, disrupt service availability, or execute commands on the affected system. Addressing this issue is vital to maintaining the integrity and security of the devices.

Affected Version(s)

Easergy T300 with firmware 2.7 and older Easergy T300 with firmware 2.7 and older

References

https://www.se.com/ww/en/download/document/SEVD-2020-315-06/

https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2020
Vulnerability Reserved
Jan 21, 2020