CVE-2020-7510

Name of the Vulnerable Software and Affected Versions Easergy T300 versions 1.5.2 and older

Description The issue is related to the lack of protection for service data in the firmware of the Easergy T300 modular controller for transformer substations. This could allow a remote attacker to compromise private keys used on the device. The vulnerability is classified as a CWE-200: Information Exposure issue, which may enable an attacker to obtain private keys.

Recommendations For versions 1.5.2 and older, update the firmware to a version newer than 1.5.2 to resolve the issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.