All the vulnerabilites related to schneider-electric - tristation_1131
Vulnerability from fkie_nvd
Published
2020-04-16 19:15
Modified
2024-11-21 05:37
Severity ?
Summary
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@se.com | https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 | Third Party Advisory, US Government Resource | |
| cybersecurity@se.com | https://www.se.com/ww/en/download/document/SESB-2020-105-01 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.se.com/ww/en/download/document/SESB-2020-105-01 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | tristation_1131 | * | |
| microsoft | windows_7 | - | |
| microsoft | windows_nt | - | |
| microsoft | windows_xp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:tristation_1131:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE6B9ACE-77B5-4C95-A525-7278AFA06533",
"versionEndExcluding": "4.13.0",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46E2D695-54F5-4D3E-B1F8-CABE51AE6064",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former \u0027password\u0027 feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions."
},
{
"lang": "es",
"value": "**VERSI\u00d3N NO COMPATIBLE CUANDO SE ASIGN\u00d3** Una vulnerabilidad con la antigua funcionalidad \"password\" podr\u00eda permitir un ataque de denegaci\u00f3n de servicio si el usuario no sigue las directrices documentadas relativas a la conexi\u00f3n de TriStation dedicada y a la protecci\u00f3n key-switch. Esta vulnerabilidad fue detectada y corregida en las versiones v4.9.1 y v4.10.1 el 30 de mayo de 2013. Esta funcionalidad no est\u00e1 presente en las versiones v4.9.1 y v4.10.1 hasta la actual. Por lo tanto, la vulnerabilidad no est\u00e1 presente en estas versiones."
}
],
"id": "CVE-2020-7484",
"lastModified": "2024-11-21T05:37:14.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-16T19:15:34.713",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-16 19:15
Modified
2024-11-21 05:37
Severity ?
Summary
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@se.com | https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 | Third Party Advisory, US Government Resource | |
| cybersecurity@se.com | https://www.se.com/ww/en/download/document/SESB-2020-105-01 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.se.com/ww/en/download/document/SESB-2020-105-01 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | tristation_1131 | * | |
| schneider-electric | tristation_1131 | 4.10.0 | |
| schneider-electric | tristation_1131 | 4.12.0 | |
| microsoft | windows_7 | - | |
| microsoft | windows_nt | - | |
| microsoft | windows_xp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:tristation_1131:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF85A1C1-5867-486A-8E17-36C83324329A",
"versionEndIncluding": "4.9.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:tristation_1131:4.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA77BE7C-A96A-460E-ABCE-7B578B8827D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:tristation_1131:4.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "325A4334-FF06-4F8A-9C3E-D2F37D32D8D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46E2D695-54F5-4D3E-B1F8-CABE51AE6064",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1"
},
{
"lang": "es",
"value": "**VERSI\u00d3N NO COMPATIBLE CUANDO SE ASIGN\u00d3** Una cuenta de soporte heredada en la versi\u00f3n v4.9.0 y anteriores del software TriStation podr\u00eda causar un acceso inapropiado a la m\u00e1quina host de TriStation. Esto fue abordado en TriStation versiones v4.9.1 y v4.10.1 publicadas en May 30, 2013.1"
}
],
"id": "CVE-2020-7485",
"lastModified": "2024-11-21T05:37:14.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-16T19:15:34.777",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-23 21:15
Modified
2024-11-21 05:37
Severity ?
Summary
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@se.com | https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 | Third Party Advisory, US Government Resource | |
| cybersecurity@se.com | https://www.se.com/ww/en/download/document/SESB-2020-105-01/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.se.com/ww/en/download/document/SESB-2020-105-01/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tricon_tcm_4351_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3183741-92D5-4437-91F6-AF666232204B",
"versionEndExcluding": "10.5.4",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tricon_tcm_4351:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA997CF-D574-4D1B-B71F-A0EBB31303DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tricon_tcm_4352_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3F011D-5096-4EF6-94B7-9D66DC29583F",
"versionEndExcluding": "10.5.4",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tricon_tcm_4352:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A965FF8-A474-447E-84AE-ED902B47A3A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tricon_tcm_4351a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8F8AB23-9DA4-4430-9FB1-BCC7D8BB88A9",
"versionEndExcluding": "10.5.4",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tricon_tcm_4351a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4D6502-A5D3-44A9-AF07-6717EADB98D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tricon_tcm_4351b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F909483-5DEA-4565-96B7-58BC3F0554CE",
"versionEndExcluding": "10.5.4",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tricon_tcm_4351b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A46632D-151C-43D3-BFA3-72C87304AB8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tricon_tcm_4352a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA8E6F5-7D88-403B-B3A2-FB28C5369DF2",
"versionEndExcluding": "10.5.4",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tricon_tcm_4352a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4836B8C-1BEC-4076-928D-CBB403836BF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tricon_tcm_4352b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B069292-3C0B-4CF8-8049-5E45A88FB4CB",
"versionEndExcluding": "10.5.4",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tricon_tcm_4352b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89D4DE85-CC63-415C-9C07-8DE9C762AF3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tristation_1131_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EED15135-BC97-44FD-A2FF-3AEFACB79543",
"versionEndIncluding": "4.9.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:schneider-electric:tristation_1131_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "016138FC-307D-48D8-87F9-045A8A22498D",
"versionEndIncluding": "4.12.0",
"versionStartIncluding": "4.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tristation_1131:-:*:*:*:*:*:*:*",
"matchCriteriaId": "723A226B-0742-4FC7-BF67-C7FA575BC85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4."
},
{
"lang": "es",
"value": "**VERSION NO SOPORTADA CUANDO SE ASIGN\u00d3** Una cuenta de puerto de depuraci\u00f3n heredada en los TCM instalados en sistema Tricon versiones 10.2.0 hasta 10.5.3, es visible en la red y podr\u00eda permitir un acceso inapropiado. Esta vulnerabilidad es corregida en TCM versi\u00f3n 10.5.4"
}
],
"id": "CVE-2020-7491",
"lastModified": "2024-11-21T05:37:15.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-23T21:15:12.113",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-16 19:15
Modified
2024-11-21 05:37
Severity ?
Summary
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@se.com | https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 | Third Party Advisory, US Government Resource | |
| cybersecurity@se.com | https://www.se.com/ww/en/download/document/SESB-2020-105-01 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.se.com/ww/en/download/document/SESB-2020-105-01 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | tristation_1131 | * | |
| microsoft | windows_7 | - | |
| microsoft | windows_nt | - | |
| microsoft | windows_xp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:tristation_1131:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69BC31F9-1F2C-4903-AEF1-3565D5476E82",
"versionEndIncluding": "4.12.0",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46E2D695-54F5-4D3E-B1F8-CABE51AE6064",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the \u0027password\u0027 feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The \u0027password\u0027 feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions."
},
{
"lang": "es",
"value": "**VERSI\u00d3N NO COMPATIBLE CUANDO SE ASIGN\u00d3** Una vulnerabilidad podr\u00eda causar que determinados datos sean visibles en la red cuando la funcionalidad \"password\" est\u00e1 activada. Esta vulnerabilidad fue descubierta y corregida en las versiones v4.9.1 y v4.10.1 el 30 de mayo de 2013. La funcionalidad de \"password\" es una comprobaci\u00f3n adicional opcional realizada por TS1131 que est\u00e1 conectada a un controlador espec\u00edfico. Estos datos se env\u00edan como texto plano y son visibles en la red. Esta funcionalidad no est\u00e1 presente en TriStation 1131 versiones v4.9.1 y v4.10.1 hasta la actual. Por lo tanto, la vulnerabilidad no est\u00e1 presente en estas versiones."
}
],
"id": "CVE-2020-7483",
"lastModified": "2024-11-21T05:37:14.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-16T19:15:34.667",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-7484
Vulnerability from cvelistv5
Published
2020-04-15 21:03
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.se.com/ww/en/download/document/SESB-2020-105-01 | x_refsource_MISC | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0) |
Version: TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former \u0027password\u0027 feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-30T19:36:36",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)",
"version": {
"version_data": [
{
"version_value": "TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former \u0027password\u0027 feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SESB-2020-105-01",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7484",
"datePublished": "2020-04-15T21:03:24",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7483
Vulnerability from cvelistv5
Published
2020-04-15 21:03
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.se.com/ww/en/download/document/SESB-2020-105-01 | x_refsource_MISC | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0) |
Version: TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:18.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the \u0027password\u0027 feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The \u0027password\u0027 feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cleartext",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-30T19:35:50",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)",
"version": {
"version_data": [
{
"version_value": "TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the \u0027password\u0027 feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The \u0027password\u0027 feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cleartext"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SESB-2020-105-01",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7483",
"datePublished": "2020-04-15T21:03:17",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:18.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7485
Vulnerability from cvelistv5
Published
2020-04-15 21:03
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.se.com/ww/en/download/document/SESB-2020-105-01 | x_refsource_MISC | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0) |
Version: TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-30T19:37:45",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)",
"version": {
"version_data": [
{
"version_value": "TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SESB-2020-105-01",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7485",
"datePublished": "2020-04-15T21:03:31",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7491
Vulnerability from cvelistv5
Published
2020-07-23 20:46
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.se.com/ww/en/download/document/SESB-2020-105-01/ | x_refsource_MISC | |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Tricon system versions 10.2.0 through 10.5.3 |
Version: Tricon system versions 10.2.0 through 10.5.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tricon system versions 10.2.0 through 10.5.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Tricon system versions 10.2.0 through 10.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-30T19:39:48",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tricon system versions 10.2.0 through 10.5.3",
"version": {
"version_data": [
{
"version_value": "Tricon system versions 10.2.0 through 10.5.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SESB-2020-105-01/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7491",
"datePublished": "2020-07-23T20:46:44",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}