PT-2020-6368 · Schneider Electric · Easergy T300

Evgeniy Druzhinin

Published

2020-11-19

Updated

2020-12-14

CVE-2020-28216

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Easergy T300 versions 2.7 and older

Description The issue is related to the lack of encryption for sensitive data in the firmware of the Easergy T300 RTU. This could allow a remote attacker to gain unauthorized access to network traffic over the HTTP protocol. The vulnerability may enable an attacker to read network traffic, potentially leading to further security issues.

Recommendations For versions 2.7 and older, update the firmware to a version that includes encryption for sensitive data to prevent unauthorized access to network traffic. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

BDU:2021-04323

CVE-2020-28216

Affected Products

Easergy T300

PT-2020-6368 · Schneider Electric · Easergy T300

CVE-2020-28216

Weakness Enumeration

Related Identifiers

Affected Products

References · 8