CVE-2020-7491
First published: Thu Jul 23 2020(Updated: )
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Tricon Tcm 4351 Firmware | >=10.2.0<10.5.4 | |
| Schneider-electric Tricon Tcm 4351 | ||
| Schneider-electric Tricon Tcm 4352 Firmware | >=10.2.0<10.5.4 | |
| Schneider-electric Tricon Tcm 4352 | ||
| Schneider-electric Tricon Tcm 4351a Firmware | >=10.2.0<10.5.4 | |
| Schneider-electric Tricon Tcm 4351a | ||
| Schneider-electric Tricon Tcm 4351b Firmware | >=10.2.0<10.5.4 | |
| Schneider-electric Tricon Tcm 4351b | ||
| Schneider-electric Tricon Tcm 4352a Firmware | >=10.2.0<10.5.4 | |
| Schneider-electric Tricon Tcm 4352a | ||
| Schneider-electric Tricon Tcm 4352b Firmware | >=10.2.0<10.5.4 | |
| Schneider-electric Tricon Tcm 4352b | ||
| Schneider-electric Tristation 1131 Firmware | >=1.0.0<=4.9.0 | |
| Schneider-electric Tristation 1131 Firmware | >=4.10.0<=4.12.0 | |
| Schneider-electric Tristation 1131 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-7491?
CVE-2020-7491 is a vulnerability found in Tricon system versions 10.2.0 through 10.5.3.
How severe is CVE-2020-7491?
CVE-2020-7491 has a severity value of 7.5 (High).
Which software versions are affected by CVE-2020-7491?
CVE-2020-7491 affects Tricon system versions 10.2.0 through 10.5.3.
How can I fix CVE-2020-7491?
CVE-2020-7491 can be fixed by updating to TCM version 10.5.4.
Where can I find more information about CVE-2020-7491?
More information about CVE-2020-7491 can be found at the following references: [https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01](https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01) and [https://www.se.com/ww/en/download/document/SESB-2020-105-01/](https://www.se.com/ww/en/download/document/SESB-2020-105-01/).
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/schneider-electric
- canonical/schneider-electric tricon tcm 4351 firmware
- version/schneider-electric tricon tcm 4351 firmware/10.2.0
- canonical/schneider-electric tricon tcm 4351
- canonical/schneider-electric tricon tcm 4352 firmware
- version/schneider-electric tricon tcm 4352 firmware/10.2.0
- canonical/schneider-electric tricon tcm 4352
- canonical/schneider-electric tricon tcm 4351a firmware
- version/schneider-electric tricon tcm 4351a firmware/10.2.0
- canonical/schneider-electric tricon tcm 4351a
- canonical/schneider-electric tricon tcm 4351b firmware
- version/schneider-electric tricon tcm 4351b firmware/10.2.0
- canonical/schneider-electric tricon tcm 4351b
- canonical/schneider-electric tricon tcm 4352a firmware
- version/schneider-electric tricon tcm 4352a firmware/10.2.0
- canonical/schneider-electric tricon tcm 4352a
- canonical/schneider-electric tricon tcm 4352b firmware
- version/schneider-electric tricon tcm 4352b firmware/10.2.0
- canonical/schneider-electric tricon tcm 4352b
- canonical/schneider-electric tristation 1131 firmware
- version/schneider-electric tristation 1131 firmware/1.0.0
- version/schneider-electric tristation 1131 firmware/4.9.0
- version/schneider-electric tristation 1131 firmware/4.10.0
- version/schneider-electric tristation 1131 firmware/4.12.0
- canonical/schneider-electric tristation 1131