CVE-2020-7505
First published: Tue Jun 16 2020(Updated: )
A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider Electric Easergy T300 Firmware | <=1.5.2 | |
| Schneider Electric Easergy T300 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-7505?
CVE-2020-7505 is rated as a high severity vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2020-7505?
To mitigate CVE-2020-7505, upgrade the Easergy T300 firmware to version 1.5.3 or later.
What systems are affected by CVE-2020-7505?
CVE-2020-7505 affects Easergy T300 devices running firmware version 1.5.2 and older.
What kind of attack is possible with CVE-2020-7505?
CVE-2020-7505 allows an attacker to inject malicious data into the firmware, enabling remote code execution.
Is there a known exploit for CVE-2020-7505?
There are no publicly documented exploits for CVE-2020-7505 as of now, but the vulnerability poses a significant risk.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider electric easergy t300 firmware
- version/schneider electric easergy t300 firmware/1.5.2