PT-2019-5388 · Schneider Electric · Easergy T300

Publicado

2019-06-12

Atualizado

2020-06-17

CVE-2020-7504

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Easergy T300 versions 1.5.2 and older

Description The issue is due to insufficient input validation in the web server software of the Easergy T300, allowing a remote attacker to disable the web server service by sending specially crafted network packets.

Recommendations For versions 1.5.2 and older, update to a version newer than 1.5.2 to resolve the issue. As a temporary workaround, consider restricting access to the web server service to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2020-02721

CVE-2020-7504

Produtos afetados

Easergy T300

PT-2019-5388 · Schneider Electric · Easergy T300

CVE-2020-7504

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6