CVE-2020-7505

CWE-4943 documents3 sources
Severity
7.2HIGH
EPSS
0.4%
top 42.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schneider-electric Easergy T300 Firmware
Timeline
PublishedJun 16
Latest updateMay 24

Description

A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5easergy_t300_(firmware_version_1.5.2_and_older)Easergy T300 (Firmware version 1.5.2 and older)

🔴Vulnerability Details

2
GHSA
GHSA-qfhq-q296-49fr: A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 12022-05-24
CVEList
CVE-2020-7505: A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 12020-06-16
CVE-2020-7505 (HIGH CVSS 7.2) | A CWE-494 Download of Code Without | cvebase.io