cnvd - cnvd-2020-33642

CNVD-2020-33642

Vulnerability from cnvd - Published: 2020-06-18

Title

Schneider Electric Tricon TCM Model资源管理错误漏洞

Description

Schneider Electric Tricon TCM Model 4351等都是法国施耐德电气（Schneider Electric）公司的一款通信模块。 Schneider Electric Tricon TCM Model v10.3.x版本和v10.4.x版本中存在安全漏洞。攻击者可利用该漏洞重置TCM模块。

Severity

中

Patch Name

Schneider Electric Tricon TCM Model资源管理错误漏洞的补丁

Patch Description

Schneider Electric Tricon TCM Model 4351等都是法国施耐德电气（Schneider Electric）公司的一款通信模块。 Schneider Electric Tricon TCM Model v10.3.x版本和v10.4.x版本中存在安全漏洞。攻击者可利用该漏洞重置TCM模块。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.se.com/ww/en/download/document/SESB-2020-105-01/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-7486

Impacted products

Name
['Schneider Electric Tricon TCM Model v10.3.x', 'Schneider Electric Tricon TCM Model v10.4.x']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7486"
    }
  },
  "description": "Schneider Electric Tricon TCM Model 4351\u7b49\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u901a\u4fe1\u6a21\u5757\u3002\n\nSchneider Electric Tricon TCM Model v10.3.x\u7248\u672c\u548cv10.4.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u91cd\u7f6eTCM\u6a21\u5757\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.se.com/ww/en/download/document/SESB-2020-105-01/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-33642",
  "openTime": "2020-06-18",
  "patchDescription": "Schneider Electric Tricon TCM Model 4351\u7b49\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u901a\u4fe1\u6a21\u5757\u3002\r\n\r\nSchneider Electric Tricon TCM Model v10.3.x\u7248\u672c\u548cv10.4.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u91cd\u7f6eTCM\u6a21\u5757\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric Tricon TCM Model\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Schneider Electric Tricon TCM Model v10.3.x",
      "Schneider Electric Tricon TCM Model v10.4.x"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7486",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-17",
  "title": "Schneider Electric Tricon TCM Model\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2020-7486 (GCVE-0-2020-7486)

Vulnerability from cvelistv5 – Published: 2020-04-15 21:03 – Updated: 2024-08-04 09:33

Summary

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this behavior.

Severity ?

No CVSS data available.

CWE

denial of service

Assigner

schneider

References

URL

Tags

	https://www.se.com/ww/en/download/document/SESB-2…	x_refsource_MISC
	https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Tricon TCM Model 4351, 4352, 4351A/B, 4352A/B (v10.3.x, v10.4.x)	Affected: Tricon TCM Model 4351, 4352, 4351A/B, 4352A/B (v10.3.x, v10.4.x)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.372Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Tricon TCM Model 4351, 4352, 4351A/B, 4352A/B (v10.3.x, v10.4.x)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Tricon TCM Model 4351, 4352, 4351A/B, 4352A/B (v10.3.x, v10.4.x)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this behavior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-30T19:38:42",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7486",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Tricon TCM Model 4351, 4352, 4351A/B, 4352A/B (v10.3.x, v10.4.x)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Tricon TCM Model 4351, 4352, 4351A/B, 4352A/B (v10.3.x, v10.4.x)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this behavior."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SESB-2020-105-01",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7486",
    "datePublished": "2020-04-15T21:03:37",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-33642

CVE-2020-7486 (GCVE-0-2020-7486)

Tags

Sightings

Nomenclature