Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Easergy_t300_firmware
(Schneider\-Electric)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-16 | CVE-2020-7513 | A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data. | Easergy_t300_firmware | 7.5 | ||
| 2020-11-19 | CVE-2020-7561 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. | Easergy_t300_firmware | 9.8 | ||
| 2020-12-11 | CVE-2020-28217 | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. | Easergy_t300_firmware | 7.5 | ||
| 2020-12-11 | CVE-2020-28218 | A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action. | Easergy_t300_firmware | 6.5 | ||
| 2020-12-11 | CVE-2020-28215 | A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution when access control checks are not applied consistently. | Easergy_t300_firmware | 9.8 | ||
| 2020-12-11 | CVE-2020-28216 | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. | Easergy_t300_firmware | 7.5 | ||
| 2021-06-11 | CVE-2021-22769 | A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted. | Easergy_t300_firmware | 4.3 | ||
| 2021-07-21 | CVE-2021-22770 | A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information. | Easergy_t300_firmware | 6.5 | ||
| 2021-07-21 | CVE-2021-22771 | A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution. | Easergy_t300_firmware | 7.3 | ||
| 2022-03-18 | CVE-2020-25182 | Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems. | Aadvance_controller, Isagraf_free_runtime, Isagraf_runtime, Micro810_firmware, Micro820_firmware, Micro830_firmware, Micro850_firmware, Micro870_firmware, Easergy_c5_firmware, Easergy_t300_firmware, Epas_gtw_firmware, Micom_c264_firmware, Pacis_gtw_firmware, Saitel_dp_firmware, Saitel_dr_firmware, Scd2200_firmware, Multismart_firmware | 6.7 |