CVE-2020-7508

CWE-3073 documents3 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 50.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Easergy T300 Firmware

Timeline

PublishedJun 16

Latest updateMay 24

Description

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5easergy_t300_(firmware_version_1.5.2_and_older)Easergy T300 (Firmware version 1.5.2 and older)

▶NVDschneider-electric/easergy_t300_firmware1.5.2

🔴Vulnerability Details

GHSA

GHSA-gh5v-6gqh-936p: A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1↗2022-05-24

▶

CVEList

CVE-2020-7508: A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1↗2020-06-16

▶