CVE-2020-7506

CWE-200 — Information Exposure3 documents3 sources

Severity

7.5HIGH

EPSS

0.3%

top 45.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Easergy T300 Firmware

Timeline

PublishedJun 16

Latest updateMay 24

Description

A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5easergy_t300_firmware_v1.5.2_and_priorEasergy T300 Firmware V1.5.2 and prior

▶NVDschneider-electric/easergy_t300_firmware1.5.2

🔴Vulnerability Details

GHSA

GHSA-3hmg-5j42-p3q3: A CWE-538: File and Directory Information Exposure vulnerability exists in Easergy T300 (Firmware version 1↗2022-05-24

▶

CVEList

CVE-2020-7506: A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1↗2020-06-16

▶