CVE-2020-7483

EPSS 0.1%
Published 16.04.2020 19:15:34
Last modified 21.11.2024 05:37:14
Source cybersecurity@se.com
Teams watchlist Login
Open Login

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Tristation 1131 Version >= 1.0 <= 4.12.0

   Microsoft ≫ Windows 7 Version-
   Microsoft ≫ Windows Nt Version-
   Microsoft ≫ Windows Xp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.28

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01

Third Party Advisory

US Government Resource

https://www.se.com/ww/en/download/document/SESB-2020-105-01

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-7483

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7483

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7483

EUVD