PT-2020-5051 · Schneider Electric · Easergy T300

Published: 2020-03-13 · Updated: 2020-12-14 · CVE-2020-28215

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Easergy T300 versions 2.7 and older

Description

The issue is caused by incorrect user authorization in the firmware of the Easergy T300 RTU: access control checks are applied inconsistently, allowing a remote attacker to view and modify the device's configuration file. This could lead to a range of problems, including information exposure, denial of service, and arbitrary code execution.

Recommendations

For versions 2.7 and older, consider restricting access to the device's configuration file until a patch is available. As a temporary workaround, apply consistent access control checks to prevent unauthorized modifications to the device's configuration. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authorization
Missing Authorization

Related Identifiers

BDU:2020-05638
CVE-2020-28215

Affected Products

Easergy T300