Schneider-electric

Easergy T300 Firmware

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-28217

  • EPSS 0.06%
  • Veröffentlicht 11.12.2020 01:15:11
  • Zuletzt bearbeitet 21.11.2024 05:22:29

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.

7.5

CVE-2020-28216

  • EPSS 0.08%
  • Veröffentlicht 11.12.2020 01:15:11
  • Zuletzt bearbeitet 21.11.2024 05:22:29

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.

9.8

CVE-2020-7561

  • EPSS 1.59%
  • Veröffentlicht 19.11.2020 22:15:14
  • Zuletzt bearbeitet 21.11.2024 05:37:22

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access...

8.8

CVE-2020-7503

  • EPSS 0.17%
  • Veröffentlicht 16.06.2020 20:15:15
  • Zuletzt bearbeitet 21.11.2024 05:37:16

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted.

7.5

CVE-2020-7513

  • EPSS 0.15%
  • Veröffentlicht 16.06.2020 20:15:15
  • Zuletzt bearbeitet 21.11.2024 05:37:17

A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data.

9.8

CVE-2020-7512

  • EPSS 0.43%
  • Veröffentlicht 16.06.2020 20:15:15
  • Zuletzt bearbeitet 21.11.2024 05:37:17

A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component.

7.5

CVE-2020-7511

  • EPSS 0.15%
  • Veröffentlicht 16.06.2020 20:15:15
  • Zuletzt bearbeitet 21.11.2024 05:37:17

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.

7.5

CVE-2020-7510

  • EPSS 0.32%
  • Veröffentlicht 16.06.2020 20:15:15
  • Zuletzt bearbeitet 21.11.2024 05:37:17

A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys.

7.2

CVE-2020-7509

  • EPSS 0.4%
  • Veröffentlicht 16.06.2020 20:15:15
  • Zuletzt bearbeitet 21.11.2024 05:37:16

A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files.

9.8

CVE-2020-7508

  • EPSS 0.26%
  • Veröffentlicht 16.06.2020 20:15:15
  • Zuletzt bearbeitet 21.11.2024 05:37:16

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force.