Schneider-Electric Easergy T300 Firmware vulnerabilities

CVE-2020-7506 [HIGH] CWE-200 CVE-2020-7506: A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, whi A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure.

CVE-2020-7503 [HIGH] CWE-352 CVE-2020-7503: A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted.

CVE-2020-7511 [HIGH] CWE-327 CVE-2020-7511: A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Fi A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.

CVE-2020-7504 [MEDIUM] CWE-20 CVE-2020-7504: A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent.