CVE-2020-7506: Infoleak
First published: Tue Jun 16 2020(Updated: )
A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider Electric Easergy T300 Firmware | <=1.5.2 | |
| Schneider Electric Easergy T300 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-7506?
CVE-2020-7506 has a high severity rating due to the potential for information exposure affecting Schneider Electric's Easergy T300 firmware.
How do I fix CVE-2020-7506?
To mitigate CVE-2020-7506, upgrade to Easergy T300 firmware version 1.5.3 or later as it addresses the vulnerability.
What type of vulnerability is CVE-2020-7506?
CVE-2020-7506 is classified as an Information Exposure vulnerability, which may allow unauthorized access to sensitive information.
Which versions of Easergy T300 are affected by CVE-2020-7506?
Easergy T300 firmware versions 1.5.2 and earlier are affected by CVE-2020-7506.
What could an attacker achieve by exploiting CVE-2020-7506?
An attacker exploiting CVE-2020-7506 could gain unauthorized access to sensitive data by packing or unpacking the firmware archive.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider electric easergy t300 firmware
- version/schneider electric easergy t300 firmware/1.5.2