9.8
CVE-2020-7548
- EPSS 0.59%
- Published 01.12.2020 15:15:12
- Last modified 21.11.2024 05:37:21
- Source cybersecurity@se.com
- Teams watchlist Login
- Open Login
A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login.
Data is provided by the National Vulnerability Database (NVD)
Schneider-electric ≫ Acti9 Smartlink Si D Firmware Version < 002.004.002
Schneider-electric ≫ Acti9 Smartlink Si B Firmware Version < 002.004.002
Schneider-electric ≫ Acti9 Powertag Link Firmware Version < 001.008.007
Schneider-electric ≫ Acti9 Powertag Link Hd Firmware Version < 001.008.007
Schneider-electric ≫ Acti9 Smartlink El B Firmware Version < 1.2.1
Schneider-electric ≫ Wiser Link Firmware Version < 1.5.0
Schneider-electric ≫ Wiser Energy Firmware Version < 1.5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.666 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.