9.8
CVE-2020-7548
- EPSS 0.59%
- Veröffentlicht 01.12.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:37:21
- Quelle cybersecurity@se.com
- Teams Watchlist Login
- Unerledigt Login
A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Schneider-electric ≫ Acti9 Smartlink Si D Firmware Version < 002.004.002
Schneider-electric ≫ Acti9 Smartlink Si B Firmware Version < 002.004.002
Schneider-electric ≫ Acti9 Powertag Link Firmware Version < 001.008.007
Schneider-electric ≫ Acti9 Powertag Link Hd Firmware Version < 001.008.007
Schneider-electric ≫ Acti9 Smartlink El B Firmware Version < 1.2.1
Schneider-electric ≫ Wiser Link Firmware Version < 1.5.0
Schneider-electric ≫ Wiser Energy Firmware Version < 1.5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.666 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.