Versio.io

CVE-2020-7491

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 23-07-2020 11:15
Last modified: - 27-04-2022 06:28
Total changes: - 3

Description

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Low
Attack complexity
Network
Attack vector
None
Availability
High
Confidentiality
None
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
7.5
Base score
3.9
3.6
Exploitability score
Impact score
 

Verification logic

OR
AND
OR
vendor=schneider-electric AND product=tricon_tcm_4351_firmware AND versionStartIncluding=10.2.0 AND versionEndExcluding=10.5.4
OR
vendor=schneider-electric AND product=tricon_tcm_4351 AND version=-
AND
OR
vendor=schneider-electric AND product=tricon_tcm_4352_firmware AND versionStartIncluding=10.2.0 AND versionEndExcluding=10.5.4
OR
vendor=schneider-electric AND product=tricon_tcm_4352 AND version=-
AND
OR
vendor=schneider-electric AND product=tricon_tcm_4351a_firmware AND versionStartIncluding=10.2.0 AND versionEndExcluding=10.5.4
OR
vendor=schneider-electric AND product=tricon_tcm_4351a AND version=-
AND
OR
vendor=schneider-electric AND product=tricon_tcm_4351b_firmware AND versionStartIncluding=10.2.0 AND versionEndExcluding=10.5.4
OR
vendor=schneider-electric AND product=tricon_tcm_4351b AND version=-
AND
OR
vendor=schneider-electric AND product=tricon_tcm_4352a_firmware AND versionStartIncluding=10.2.0 AND versionEndExcluding=10.5.4
OR
vendor=schneider-electric AND product=tricon_tcm_4352a AND version=-
AND
OR
vendor=schneider-electric AND product=tricon_tcm_4352b_firmware AND versionStartIncluding=10.2.0 AND versionEndExcluding=10.5.4
OR
vendor=schneider-electric AND product=tricon_tcm_4352b AND version=-
AND
OR
vendor=schneider-electric AND product=tristation_1131_firmware AND versionEndIncluding=4.9.0 AND versionStartIncluding=1.0.0
vendor=schneider-electric AND product=tristation_1131_firmware AND versionEndIncluding=4.12.0 AND versionStartIncluding=4.10.0
OR
vendor=schneider-electric AND product=tristation_1131 AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2020-7491

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.