CyberSec.Space Logo
Back to CVE Browser

CVE-2020-28215

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1130%
EPSS Percentile31.03th
PublishedDec 11, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution when access control checks are not applied consistently.

Affected Platforms (CPE)

πŸ’»
Schneider Electric

Easergy T300 Firmware

<= 2.7

References & Advisories

πŸ”— https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03
πŸ”— https://www.se.com/ww/en/download/document/SEVD-2020-315-06/
πŸ”— https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03
πŸ”— https://www.se.com/ww/en/download/document/SEVD-2020-315-06/

Related Vulnerabilities

CVE-2020-75619.8

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that co...

CVE-2020-75089.8

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 a...

CVE-2020-75129.8

A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware v...

CVE-2020-75038.8

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could a...