Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-357
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Schneider Electric Easergy. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Easergy Builder versions antérieures à 1.6.3.0 | ||
| Schneider Electric | N/A | Easergy T300 versions antérieures à 2.7 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Easergy Builder versions ant\u00e9rieures \u00e0 1.6.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easergy T300 versions ant\u00e9rieures \u00e0 2.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7513"
},
{
"name": "CVE-2020-7515",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7515"
},
{
"name": "CVE-2020-7506",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7506"
},
{
"name": "CVE-2020-7505",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7505"
},
{
"name": "CVE-2020-7507",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7507"
},
{
"name": "CVE-2020-7517",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7517"
},
{
"name": "CVE-2020-7518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7518"
},
{
"name": "CVE-2020-7509",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7509"
},
{
"name": "CVE-2020-7503",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7503"
},
{
"name": "CVE-2020-7519",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7519"
},
{
"name": "CVE-2020-7512",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7512"
},
{
"name": "CVE-2020-7516",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7516"
},
{
"name": "CVE-2020-7514",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7514"
},
{
"name": "CVE-2020-7511",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7511"
},
{
"name": "CVE-2020-7504",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7504"
},
{
"name": "CVE-2020-7508",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7508"
},
{
"name": "CVE-2020-7510",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7510"
}
],
"initial_release_date": "2020-06-10T00:00:00",
"last_revision_date": "2020-06-10T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-357",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-06-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Schneider Electric\nEasergy. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Schneider Electric Easergy",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-161-04 du 09 juin 2020",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-161-04_Easergy_T300_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-161-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-161-05 du 09 juin 2020",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2020-161-05_Easergy_Builder_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2020-161-05"
}
]
}
CVE-2020-7510 (GCVE-0-2020-7510)
Vulnerability from cvelistv5
Published
2020-06-16 19:44
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy T300 (Firmware version 1.5.2 and older) |
Version: Easergy T300 (Firmware version 1.5.2 and older) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy T300 (Firmware version 1.5.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T19:44:55.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7510",
"datePublished": "2020-06-16T19:44:55.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7511 (GCVE-0-2020-7511)
Vulnerability from cvelistv5
Published
2020-06-16 19:45
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Summary
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy T300 (Firmware version 1.5.2 and older) |
Version: Easergy T300 (Firmware version 1.5.2 and older) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy T300 (Firmware version 1.5.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T19:45:13.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7511",
"datePublished": "2020-06-16T19:45:13.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7504 (GCVE-0-2020-7504)
Vulnerability from cvelistv5
Published
2020-06-16 19:42
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy T300 (Firmware version 1.5.2 and older) |
Version: Easergy T300 (Firmware version 1.5.2 and older) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy T300 (Firmware version 1.5.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T19:42:25.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7504",
"datePublished": "2020-06-16T19:42:25.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7506 (GCVE-0-2020-7506)
Vulnerability from cvelistv5
Published
2020-06-16 19:43
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy T300 Firmware V1.5.2 and prior |
Version: Easergy T300 Firmware V1.5.2 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy T300 Firmware V1.5.2 and prior",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy T300 Firmware V1.5.2 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T17:26:53.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy T300 Firmware V1.5.2 and prior",
"version": {
"version_data": [
{
"version_value": "Easergy T300 Firmware V1.5.2 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-04",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7506",
"datePublished": "2020-06-16T19:43:23.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7505 (GCVE-0-2020-7505)
Vulnerability from cvelistv5
Published
2020-06-16 19:42
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-494 - Download of Code Without Integrity Check
Summary
A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy T300 (Firmware version 1.5.2 and older) |
Version: Easergy T300 (Firmware version 1.5.2 and older) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy T300 (Firmware version 1.5.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T19:42:41.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7505",
"datePublished": "2020-06-16T19:42:41.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7517 (GCVE-0-2020-7517)
Vulnerability from cvelistv5
Published
2020-07-23 20:47
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Summary
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy Builder (Version 1.4.7.2 and older) |
Version: Easergy Builder (Version 1.4.7.2 and older) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy Builder (Version 1.4.7.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy Builder (Version 1.4.7.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-23T20:47:20.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy Builder (Version 1.4.7.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy Builder (Version 1.4.7.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7517",
"datePublished": "2020-07-23T20:47:20.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7515 (GCVE-0-2020-7515)
Vulnerability from cvelistv5
Published
2020-07-23 20:47
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy Builder V1.4.7.2 and prior |
Version: Easergy Builder V1.4.7.2 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy Builder V1.4.7.2 and prior",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy Builder V1.4.7.2 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T17:26:57.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy Builder V1.4.7.2 and prior",
"version": {
"version_data": [
{
"version_value": "Easergy Builder V1.4.7.2 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7515",
"datePublished": "2020-07-23T20:47:02.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7518 (GCVE-0-2020-7518)
Vulnerability from cvelistv5
Published
2020-07-23 20:51
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper input validation
Summary
A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy Builder (Version 1.4.7.2 and older) |
Version: Easergy Builder (Version 1.4.7.2 and older) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy Builder (Version 1.4.7.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy Builder (Version 1.4.7.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-23T20:51:30.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy Builder (Version 1.4.7.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy Builder (Version 1.4.7.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7518",
"datePublished": "2020-07-23T20:51:30.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7512 (GCVE-0-2020-7512)
Vulnerability from cvelistv5
Published
2020-06-16 19:45
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1103 - Use of Platform-Dependent Third Party Components
Summary
A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy T300 (Firmware version 1.5.2 and older) |
Version: Easergy T300 (Firmware version 1.5.2 and older) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy T300 (Firmware version 1.5.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1103",
"description": "CWE-1103: Use of Platform-Dependent Third Party Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T19:45:22.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1103: Use of Platform-Dependent Third Party Components"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7512",
"datePublished": "2020-06-16T19:45:22.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7514 (GCVE-0-2020-7514)
Vulnerability from cvelistv5
Published
2020-07-23 20:46
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Summary
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy Builder (Version 1.4.7.2 and older) |
Version: Easergy Builder (Version 1.4.7.2 and older) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy Builder (Version 1.4.7.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy Builder (Version 1.4.7.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-23T20:46:54.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy Builder (Version 1.4.7.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy Builder (Version 1.4.7.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7514",
"datePublished": "2020-07-23T20:46:54.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7513 (GCVE-0-2020-7513)
Vulnerability from cvelistv5
Published
2020-06-16 19:45
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Summary
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy T300 (Firmware version 1.5.2 and older) |
Version: Easergy T300 (Firmware version 1.5.2 and older) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy T300 (Firmware version 1.5.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T19:45:31.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7513",
"datePublished": "2020-06-16T19:45:31.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7508 (GCVE-0-2020-7508)
Vulnerability from cvelistv5
Published
2020-06-16 19:44
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Summary
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy T300 (Firmware version 1.5.2 and older) |
Version: Easergy T300 (Firmware version 1.5.2 and older) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy T300 (Firmware version 1.5.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T19:44:18.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307 Improper Restriction of Excessive Authentication Attempts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7508",
"datePublished": "2020-06-16T19:44:18.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7507 (GCVE-0-2020-7507)
Vulnerability from cvelistv5
Published
2020-06-16 19:43
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy T300 (Firmware version 1.5.2 and older) |
Version: Easergy T300 (Firmware version 1.5.2 and older) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy T300 (Firmware version 1.5.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T19:43:47.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7507",
"datePublished": "2020-06-16T19:43:47.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7509 (GCVE-0-2020-7509)
Vulnerability from cvelistv5
Published
2020-06-16 19:44
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper privilege management (write)
Summary
A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy T300 (Firmware version 1.5.2 and older) |
Version: Easergy T300 (Firmware version 1.5.2 and older) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy T300 (Firmware version 1.5.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper privilege management (write)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T19:44:37.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper privilege management (write)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7509",
"datePublished": "2020-06-16T19:44:37.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7516 (GCVE-0-2020-7516)
Vulnerability from cvelistv5
Published
2020-07-23 20:47
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Summary
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy Builder V1.4.7.2 and prior |
Version: Easergy Builder V1.4.7.2 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy Builder V1.4.7.2 and prior",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy Builder V1.4.7.2 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T17:27:01.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy Builder V1.4.7.2 and prior",
"version": {
"version_data": [
{
"version_value": "Easergy Builder V1.4.7.2 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7516",
"datePublished": "2020-07-23T20:47:11.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7503 (GCVE-0-2020-7503)
Vulnerability from cvelistv5
Published
2020-06-16 19:42
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy T300 (Firmware version 1.5.2 and older) |
Version: Easergy T300 (Firmware version 1.5.2 and older) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy T300 (Firmware version 1.5.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T19:42:10.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7503",
"datePublished": "2020-06-16T19:42:10.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7519 (GCVE-0-2020-7519)
Vulnerability from cvelistv5
Published
2020-07-23 20:51
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-521 - Weak Password Requirements
Summary
A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Easergy Builder (Version 1.4.7.2 and older) |
Version: Easergy Builder (Version 1.4.7.2 and older) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easergy Builder (Version 1.4.7.2 and older)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Easergy Builder (Version 1.4.7.2 and older)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521: Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-23T20:51:41.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easergy Builder (Version 1.4.7.2 and older)",
"version": {
"version_data": [
{
"version_value": "Easergy Builder (Version 1.4.7.2 and older)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521: Weak Password Requirements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7519",
"datePublished": "2020-07-23T20:51:41.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…