CVE-2020-28218

CWE-1021Clickjacking3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 63.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schneider-electric Easergy T300 Firmware
Timeline
PublishedDec 11
Latest updateMay 24

Description

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5easergy_t300_(firmware_2.7_and_older)Easergy T300 (firmware 2.7 and older)

🔴Vulnerability Details

2
GHSA
GHSA-q5hg-75fp-r6wm: A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 22022-05-24
CVEList
CVE-2020-28218: A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 22020-12-11
CVE-2020-28218 (MEDIUM CVSS 6.5) | A CWE-1021: Improper Restriction of | cvebase.io