Vulnerabilites related to schneider-electric - tricon_tcm_4351a_firmware
Vulnerability from fkie_nvd
Published
2020-07-23 21:15
Modified
2024-11-21 05:37
Summary
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4351_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3183741-92D5-4437-91F6-AF666232204B",
                     versionEndExcluding: "10.5.4",
                     versionStartIncluding: "10.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:schneider-electric:tricon_tcm_4351:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CA997CF-D574-4D1B-B71F-A0EBB31303DA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4352_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA3F011D-5096-4EF6-94B7-9D66DC29583F",
                     versionEndExcluding: "10.5.4",
                     versionStartIncluding: "10.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:schneider-electric:tricon_tcm_4352:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A965FF8-A474-447E-84AE-ED902B47A3A3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4351a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E8F8AB23-9DA4-4430-9FB1-BCC7D8BB88A9",
                     versionEndExcluding: "10.5.4",
                     versionStartIncluding: "10.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:schneider-electric:tricon_tcm_4351a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D4D6502-A5D3-44A9-AF07-6717EADB98D0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4351b_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F909483-5DEA-4565-96B7-58BC3F0554CE",
                     versionEndExcluding: "10.5.4",
                     versionStartIncluding: "10.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:schneider-electric:tricon_tcm_4351b:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A46632D-151C-43D3-BFA3-72C87304AB8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4352a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AA8E6F5-7D88-403B-B3A2-FB28C5369DF2",
                     versionEndExcluding: "10.5.4",
                     versionStartIncluding: "10.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:schneider-electric:tricon_tcm_4352a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4836B8C-1BEC-4076-928D-CBB403836BF2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4352b_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B069292-3C0B-4CF8-8049-5E45A88FB4CB",
                     versionEndExcluding: "10.5.4",
                     versionStartIncluding: "10.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:schneider-electric:tricon_tcm_4352b:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "89D4DE85-CC63-415C-9C07-8DE9C762AF3B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tristation_1131_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EED15135-BC97-44FD-A2FF-3AEFACB79543",
                     versionEndIncluding: "4.9.0",
                     versionStartIncluding: "1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tristation_1131_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "016138FC-307D-48D8-87F9-045A8A22498D",
                     versionEndIncluding: "4.12.0",
                     versionStartIncluding: "4.10.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:schneider-electric:tristation_1131:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "723A226B-0742-4FC7-BF67-C7FA575BC85A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.",
      },
      {
         lang: "es",
         value: "**VERSION NO SOPORTADA CUANDO SE ASIGNÓ** Una cuenta de puerto de depuración heredada en los TCM instalados en  sistema Tricon versiones 10.2.0 hasta 10.5.3, es visible en la red y podría permitir un acceso inapropiado. Esta vulnerabilidad es corregida en TCM versión 10.5.4",
      },
   ],
   id: "CVE-2020-7491",
   lastModified: "2024-11-21T05:37:15.040",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-23T21:15:12.113",
   references: [
      {
         source: "cybersecurity@se.com",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
      },
      {
         source: "cybersecurity@se.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.se.com/ww/en/download/document/SESB-2020-105-01/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.se.com/ww/en/download/document/SESB-2020-105-01/",
      },
   ],
   sourceIdentifier: "cybersecurity@se.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-16 19:15
Modified
2024-11-21 05:37
Summary
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this behavior.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4351_firmware:10.3.x:*:*:*:*:*:*:*",
                     matchCriteriaId: "E790DC73-7F6F-452B-8B96-FCCD754518EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4351_firmware:10.4.x:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4D61671-CD0D-40FF-BD87-A093C765E8DE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:schneider-electric:tricon_tcm_4351:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CA997CF-D574-4D1B-B71F-A0EBB31303DA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4352_firmware:10.3.x:*:*:*:*:*:*:*",
                     matchCriteriaId: "57A739ED-A179-414E-B42A-34B68DC2A2B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4352_firmware:10.4.x:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BC76821-5EF5-42E9-9456-5BE68A82C807",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:schneider-electric:tricon_tcm_4352:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A965FF8-A474-447E-84AE-ED902B47A3A3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4351a_firmware:10.3.x:*:*:*:*:*:*:*",
                     matchCriteriaId: "A031568A-CFD6-4C08-AFF6-4B98C886DC6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4351a_firmware:10.4.x:*:*:*:*:*:*:*",
                     matchCriteriaId: "274D41C5-B915-4B51-9285-0B669A7BA9A7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:schneider-electric:tricon_tcm_4351a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D4D6502-A5D3-44A9-AF07-6717EADB98D0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4351b_firmware:10.3.x:*:*:*:*:*:*:*",
                     matchCriteriaId: "99273E70-3A45-4BB1-88E6-B18E978A843E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4351b_firmware:10.4.x:*:*:*:*:*:*:*",
                     matchCriteriaId: "63480CBF-C64A-40A4-B516-73F916192849",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:schneider-electric:tricon_tcm_4351b:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A46632D-151C-43D3-BFA3-72C87304AB8B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4352a_firmware:10.3.x:*:*:*:*:*:*:*",
                     matchCriteriaId: "278D4E5E-8AE5-455E-96AA-600B3014E784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4352a_firmware:10.4.x:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C5124C7-B4FF-429C-B5CD-C733617C7F12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:schneider-electric:tricon_tcm_4352a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4836B8C-1BEC-4076-928D-CBB403836BF2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4352b_firmware:10.3.x:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A1C7148-99BB-41CE-A8C5-73ECE290FDBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:schneider-electric:tricon_tcm_4352b_firmware:10.4.x:*:*:*:*:*:*:*",
                     matchCriteriaId: "165FCAD0-AB79-4693-8C88-167C2941E887",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:schneider-electric:tricon_tcm_4352b:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "89D4DE85-CC63-415C-9C07-8DE9C762AF3B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this behavior.",
      },
      {
         lang: "es",
         value: "**VERSIÓN NO COMPATIBLE CUANDO SE ASIGNÓ** Una vulnerabilidad podría causar que los módulos TCM se restablezcan cuando se encuentren bajo una alta carga de red en TCM versión v10.4.x y en el system versión v10.3.x. Esta vulnerabilidad fue descubierta y corregida en la versión v10.5.x el 13 de agosto de 2009. Los TCM a partir de la versión v10.5.x ya no mostrarán este comportamiento.",
      },
   ],
   id: "CVE-2020-7486",
   lastModified: "2024-11-21T05:37:14.460",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-16T19:15:34.823",
   references: [
      {
         source: "cybersecurity@se.com",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
      },
      {
         source: "cybersecurity@se.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.se.com/ww/en/download/document/SESB-2020-105-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.se.com/ww/en/download/document/SESB-2020-105-01",
      },
   ],
   sourceIdentifier: "cybersecurity@se.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2020-7486
Vulnerability from cvelistv5
Published
2020-04-15 21:03
Modified
2024-08-04 09:33
Severity ?
Summary
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this behavior.
Impacted products
Vendor Product Version
n/a Tricon TCM Model 4351, 4352, 4351A/B, 4352A/B (v10.3.x, v10.4.x) Version: Tricon TCM Model 4351, 4352, 4351A/B, 4352A/B (v10.3.x, v10.4.x)
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:33:19.372Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.se.com/ww/en/download/document/SESB-2020-105-01",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Tricon TCM Model 4351, 4352, 4351A/B, 4352A/B (v10.3.x, v10.4.x)",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Tricon TCM Model 4351, 4352, 4351A/B, 4352A/B (v10.3.x, v10.4.x)",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this behavior.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "denial of service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-30T19:38:42",
            orgId: "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            shortName: "schneider",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.se.com/ww/en/download/document/SESB-2020-105-01",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cybersecurity@schneider-electric.com",
               ID: "CVE-2020-7486",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Tricon TCM Model 4351, 4352, 4351A/B, 4352A/B (v10.3.x, v10.4.x)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Tricon TCM Model 4351, 4352, 4351A/B, 4352A/B (v10.3.x, v10.4.x)",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this behavior.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "denial of service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.se.com/ww/en/download/document/SESB-2020-105-01",
                     refsource: "MISC",
                     url: "https://www.se.com/ww/en/download/document/SESB-2020-105-01",
                  },
                  {
                     name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
                     refsource: "MISC",
                     url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
      assignerShortName: "schneider",
      cveId: "CVE-2020-7486",
      datePublished: "2020-04-15T21:03:37",
      dateReserved: "2020-01-21T00:00:00",
      dateUpdated: "2024-08-04T09:33:19.372Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-7491
Vulnerability from cvelistv5
Published
2020-07-23 20:46
Modified
2024-08-04 09:33
Severity ?
Summary
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.
Impacted products
Vendor Product Version
n/a Tricon system versions 10.2.0 through 10.5.3 Version: Tricon system versions 10.2.0 through 10.5.3
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:33:19.483Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.se.com/ww/en/download/document/SESB-2020-105-01/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Tricon system versions 10.2.0 through 10.5.3",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Tricon system versions 10.2.0 through 10.5.3",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Unauthorized access",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-30T19:39:48",
            orgId: "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            shortName: "schneider",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.se.com/ww/en/download/document/SESB-2020-105-01/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cybersecurity@schneider-electric.com",
               ID: "CVE-2020-7491",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Tricon system versions 10.2.0 through 10.5.3",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Tricon system versions 10.2.0 through 10.5.3",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Unauthorized access",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.se.com/ww/en/download/document/SESB-2020-105-01/",
                     refsource: "MISC",
                     url: "https://www.se.com/ww/en/download/document/SESB-2020-105-01/",
                  },
                  {
                     name: "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
                     refsource: "MISC",
                     url: "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
      assignerShortName: "schneider",
      cveId: "CVE-2020-7491",
      datePublished: "2020-07-23T20:46:44",
      dateReserved: "2020-01-21T00:00:00",
      dateUpdated: "2024-08-04T09:33:19.483Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}