First published: Thu Jul 23 2020(Updated: )
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Tricon Tcm 4351 Firmware | >=10.2.0<10.5.4 | |
Schneider-electric Tricon Tcm 4351 | ||
Schneider-electric Tricon Tcm 4352 Firmware | >=10.2.0<10.5.4 | |
Schneider-electric Tricon Tcm 4352 | ||
Schneider-electric Tricon Tcm 4351a Firmware | >=10.2.0<10.5.4 | |
Schneider-electric Tricon Tcm 4351a | ||
Schneider-electric Tricon Tcm 4351b Firmware | >=10.2.0<10.5.4 | |
Schneider-electric Tricon Tcm 4351b | ||
Schneider-electric Tricon Tcm 4352a Firmware | >=10.2.0<10.5.4 | |
Schneider-electric Tricon Tcm 4352a | ||
Schneider-electric Tricon Tcm 4352b Firmware | >=10.2.0<10.5.4 | |
Schneider-electric Tricon Tcm 4352b | ||
Schneider-electric Tristation 1131 Firmware | >=1.0.0<=4.9.0 | |
Schneider-electric Tristation 1131 Firmware | >=4.10.0<=4.12.0 | |
Schneider-electric Tristation 1131 | ||
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-7491 is a vulnerability found in Tricon system versions 10.2.0 through 10.5.3.
CVE-2020-7491 has a severity value of 7.5 (High).
CVE-2020-7491 affects Tricon system versions 10.2.0 through 10.5.3.
CVE-2020-7491 can be fixed by updating to TCM version 10.5.4.
More information about CVE-2020-7491 can be found at the following references: [https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01](https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01) and [https://www.se.com/ww/en/download/document/SESB-2020-105-01/](https://www.se.com/ww/en/download/document/SESB-2020-105-01/).