CVE-2020-7504: Input Validation
First published: Tue Jun 16 2020(Updated: )
A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider Electric Easergy T300 Firmware | <=1.5.2 | |
| Schneider Electric Easergy T300 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-7504?
CVE-2020-7504 has a medium severity rating due to its potential to disable the webserver service on the Easergy T300 device.
How do I fix CVE-2020-7504?
To fix CVE-2020-7504, update the Easergy T300 firmware to a version newer than 1.5.2.
What devices are affected by CVE-2020-7504?
CVE-2020-7504 affects Schneider Electric Easergy T300 devices running firmware version 1.5.2 or older.
What could an attacker do exploiting CVE-2020-7504?
An attacker exploiting CVE-2020-7504 could disable the webserver service on the Easergy T300 device using specially crafted network packets.
Is there a workaround for CVE-2020-7504?
There are no official workarounds for CVE-2020-7504; updating the firmware is the recommended approach.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider electric easergy t300 firmware
- version/schneider electric easergy t300 firmware/1.5.2