PT-2019-5388 · Schneider Electric · Easergy T300

Published

2019-06-12

Updated

2020-06-17

CVE-2020-7504

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Easergy T300 versions 1.5.2 and older

Description The issue is due to insufficient input validation in the web server software of the Easergy T300, allowing a remote attacker to disable the web server service by sending specially crafted network packets.

Recommendations For versions 1.5.2 and older, update to a version newer than 1.5.2 to resolve the issue. As a temporary workaround, consider restricting access to the web server service to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2020-02721

CVE-2020-7504

Affected Products

Easergy T300

PT-2019-5388 · Schneider Electric · Easergy T300

CVE-2020-7504

Weakness Enumeration

Related Identifiers

Affected Products

References · 6