CVE-2020-7561 - OpenCVE

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Easergy T300 Easergy T300 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03	Third Party Advisory US Government Resource
https://www.se.com/ww/en/download/document/SEVD-2020-315-06/	Patch Product Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2020-11-19T00:00:00

Updated: 2022-10-28T00:00:00

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7561

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-11-19T22:15:14.880

Modified: 2022-12-12T21:12:27.530

Link: CVE-2020-7561

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7763787-4033-4B18-B50E-67B47C6388FA", "versionEndIncluding": "2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*", "matchCriteriaId": "45E6C3FA-001D-449A-A512-327FA0C9AC5A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted."}, {"lang": "es", "value": "CWE-306: Falta de Autenticaci\u00f3n para funciones cr\u00edticas existe una vulnerabilidad en el Easergy T300 (con firmware 2.7 y anterior) que podr\u00eda causar una amplia gama de problemas, incluyendo la exposici\u00f3n de informaci\u00f3n, la denegaci\u00f3n de servicio y la ejecuci\u00f3n de comandos cuando el acceso a un recurso de un atacante no est\u00e1 restringido o est\u00e1 restringido incorrectamente"}], "id": "CVE-2020-7561", "lastModified": "2022-12-12T21:12:27.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-19T22:15:14.880", "references": [{"source": "cybersecurity@se.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03"}, {"source": "cybersecurity@se.com", "tags": ["Patch", "Product", "Vendor Advisory"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-06/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "cybersecurity@se.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Secondary"}]}