FKIE_CVE-2020-7491

Vulnerability from fkie_nvd - Published: 2020-07-23 21:15 - Updated: 2024-11-21 05:37
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.
References
cybersecurity@se.comhttps://us-cert.cisa.gov/ics/advisories/icsa-20-205-01Third Party Advisory, US Government Resource
cybersecurity@se.comhttps://www.se.com/ww/en/download/document/SESB-2020-105-01/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.se.com/ww/en/download/document/SESB-2020-105-01/Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric tricon_tcm_4351_firmware *
schneider-electric tricon_tcm_4351 -
schneider-electric tricon_tcm_4352_firmware *
schneider-electric tricon_tcm_4352 -
schneider-electric tricon_tcm_4351a_firmware *
schneider-electric tricon_tcm_4351a -
schneider-electric tricon_tcm_4351b_firmware *
schneider-electric tricon_tcm_4351b -
schneider-electric tricon_tcm_4352a_firmware *
schneider-electric tricon_tcm_4352a -
schneider-electric tricon_tcm_4352b_firmware *
schneider-electric tricon_tcm_4352b -
schneider-electric tristation_1131_firmware *
schneider-electric tristation_1131_firmware *
schneider-electric tristation_1131 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tricon_tcm_4351_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3183741-92D5-4437-91F6-AF666232204B",
              "versionEndExcluding": "10.5.4",
              "versionStartIncluding": "10.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tricon_tcm_4351:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA997CF-D574-4D1B-B71F-A0EBB31303DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tricon_tcm_4352_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3F011D-5096-4EF6-94B7-9D66DC29583F",
              "versionEndExcluding": "10.5.4",
              "versionStartIncluding": "10.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tricon_tcm_4352:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A965FF8-A474-447E-84AE-ED902B47A3A3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tricon_tcm_4351a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8F8AB23-9DA4-4430-9FB1-BCC7D8BB88A9",
              "versionEndExcluding": "10.5.4",
              "versionStartIncluding": "10.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tricon_tcm_4351a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4D6502-A5D3-44A9-AF07-6717EADB98D0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tricon_tcm_4351b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F909483-5DEA-4565-96B7-58BC3F0554CE",
              "versionEndExcluding": "10.5.4",
              "versionStartIncluding": "10.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tricon_tcm_4351b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A46632D-151C-43D3-BFA3-72C87304AB8B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tricon_tcm_4352a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AA8E6F5-7D88-403B-B3A2-FB28C5369DF2",
              "versionEndExcluding": "10.5.4",
              "versionStartIncluding": "10.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tricon_tcm_4352a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4836B8C-1BEC-4076-928D-CBB403836BF2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tricon_tcm_4352b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B069292-3C0B-4CF8-8049-5E45A88FB4CB",
              "versionEndExcluding": "10.5.4",
              "versionStartIncluding": "10.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tricon_tcm_4352b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D4DE85-CC63-415C-9C07-8DE9C762AF3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tristation_1131_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED15135-BC97-44FD-A2FF-3AEFACB79543",
              "versionEndIncluding": "4.9.0",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:schneider-electric:tristation_1131_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "016138FC-307D-48D8-87F9-045A8A22498D",
              "versionEndIncluding": "4.12.0",
              "versionStartIncluding": "4.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tristation_1131:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "723A226B-0742-4FC7-BF67-C7FA575BC85A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4."
    },
    {
      "lang": "es",
      "value": "**VERSION NO SOPORTADA CUANDO SE ASIGN\u00d3** Una cuenta de puerto de depuraci\u00f3n heredada en los TCM instalados en  sistema Tricon versiones 10.2.0 hasta 10.5.3, es visible en la red y podr\u00eda permitir un acceso inapropiado. Esta vulnerabilidad es corregida en TCM versi\u00f3n 10.5.4"
    }
  ],
  "id": "CVE-2020-7491",
  "lastModified": "2024-11-21T05:37:15.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-23T21:15:12.113",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
    },
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.