Vulnerability Description
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Easergy T300 Firmware | <= 2.7 |
| Schneider-Electric | Easergy T300 | - |
Related Weaknesses (CWE)
References
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03Third Party Advisory
- https://www.se.com/ww/en/download/document/SEVD-2020-315-06/Vendor Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03Third Party Advisory
- https://www.se.com/ww/en/download/document/SEVD-2020-315-06/Vendor Advisory
FAQ
What is CVE-2020-28216?
CVE-2020-28216 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.
How severe is CVE-2020-28216?
CVE-2020-28216 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-28216?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Easergy T300 Firmware, Schneider-Electric Easergy T300.