CVE-2020-28217

CWE-3113 documents3 sources
Severity
7.5HIGH
EPSS
0.1%
top 80.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schneider-electric Easergy T300 Firmware
Timeline
PublishedDec 11
Latest updateMay 24

Description

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5easergy_t300_(firmware_2.7_and_older)Easergy T300 (firmware 2.7 and older)

🔴Vulnerability Details

2
GHSA
GHSA-hgpc-4547-p5wm: A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 22022-05-24
CVEList
CVE-2020-28217: A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 22020-12-11
CVE-2020-28217 (HIGH CVSS 7.5) | A CWE-311: Missing Encryption of Se | cvebase.io