CVE-2020-7491
First published: Thu Jul 23 2020(Updated: )
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider Electric Tricon TCM 4351 Firmware | >=10.2.0<10.5.4 | |
| Schneider-electric Tricon Tcm 4351a | ||
| Schneider Electric Tricon TCM 4352 | >=10.2.0<10.5.4 | |
| Schneider Electric Tricon TCM 4352 | ||
| Schneider Electric Triconex TCM 4351A | >=10.2.0<10.5.4 | |
| Schneider Electric Triconex TCM 4351A | ||
| Schneider Electric Tricon TCM 4351B Firmware | >=10.2.0<10.5.4 | |
| Schneider-electric Tricon Tcm 4351b Firmware | ||
| Schneider Electric Tricon TCM 4352A | >=10.2.0<10.5.4 | |
| Schneider-electric Tricon Tcm 4352a Firmware | ||
| Schneider Electric Tricon TCM 4352B Firmware | >=10.2.0<10.5.4 | |
| Schneider Electric Triconex Tricon | ||
| Schneider Electric Tristation 1131 Firmware | >=1.0.0<=4.9.0 | |
| Schneider Electric Tristation 1131 Firmware | >=4.10.0<=4.12.0 | |
| Schneider-electric Tristation 1131 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-7491?
CVE-2020-7491 is a vulnerability found in Tricon system versions 10.2.0 through 10.5.3.
How severe is CVE-2020-7491?
CVE-2020-7491 has a severity value of 7.5 (High).
Which software versions are affected by CVE-2020-7491?
CVE-2020-7491 affects Tricon system versions 10.2.0 through 10.5.3.
How can I fix CVE-2020-7491?
CVE-2020-7491 can be fixed by updating to TCM version 10.5.4.
Where can I find more information about CVE-2020-7491?
More information about CVE-2020-7491 can be found at the following references: [https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01](https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01) and [https://www.se.com/ww/en/download/document/SESB-2020-105-01/](https://www.se.com/ww/en/download/document/SESB-2020-105-01/).
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/references
- agent/weakness
- agent/severity
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider electric tricon tcm 4351 firmware
- version/schneider electric tricon tcm 4351 firmware/10.2.0
- canonical/schneider-electric tricon tcm 4351a
- canonical/schneider electric tricon tcm 4352
- version/schneider electric tricon tcm 4352/10.2.0
- canonical/schneider electric triconex tcm 4351a
- version/schneider electric triconex tcm 4351a/10.2.0
- canonical/schneider electric tricon tcm 4351b firmware
- version/schneider electric tricon tcm 4351b firmware/10.2.0
- canonical/schneider-electric tricon tcm 4351b firmware
- canonical/schneider electric tricon tcm 4352a
- version/schneider electric tricon tcm 4352a/10.2.0
- canonical/schneider-electric tricon tcm 4352a firmware
- canonical/schneider electric tricon tcm 4352b firmware
- version/schneider electric tricon tcm 4352b firmware/10.2.0
- canonical/schneider electric triconex tricon
- canonical/schneider electric tristation 1131 firmware
- version/schneider electric tristation 1131 firmware/1.0.0
- version/schneider electric tristation 1131 firmware/4.9.0
- version/schneider electric tristation 1131 firmware/4.10.0
- version/schneider electric tristation 1131 firmware/4.12.0
- canonical/schneider-electric tristation 1131 firmware