Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Easergy_t300_firmware
(Schneider\-Electric)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-16 | CVE-2020-7507 | A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service. | Easergy_t300_firmware | 7.5 | ||
| 2020-06-16 | CVE-2020-7508 | A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. | Easergy_t300_firmware | 9.8 | ||
| 2020-06-16 | CVE-2020-7509 | A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files. | Easergy_t300_firmware | 7.2 | ||
| 2020-06-16 | CVE-2020-7510 | A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys. | Easergy_t300_firmware | 7.5 | ||
| 2020-06-16 | CVE-2020-7511 | A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force. | Easergy_t300_firmware | 7.5 | ||
| 2020-06-16 | CVE-2020-7512 | A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component. | Easergy_t300_firmware | 9.8 | ||
| 2020-06-16 | CVE-2020-7513 | A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data. | Easergy_t300_firmware | 7.5 | ||
| 2020-11-19 | CVE-2020-7561 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. | Easergy_t300_firmware | 9.8 | ||
| 2020-12-11 | CVE-2020-28217 | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. | Easergy_t300_firmware | 7.5 | ||
| 2020-12-11 | CVE-2020-28218 | A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action. | Easergy_t300_firmware | 6.5 |