CVE-2020-7477 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2020-7477?

CVE-2020-7477 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-7477?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric 140Noe77101 Firmware, Schneider-Electric 140Noe77101, Schneider-Electric 140Noe77111 Firmware, Schneider-Electric 140Noe77111, Schneider-Electric Tsxh5744M Firmware.

Vulnerability Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	140Noe77101 Firmware	<= 7.0
Schneider-Electric	140Noe77101	-
Schneider-Electric	140Noe77111 Firmware	<= 7.0
Schneider-Electric	140Noe77111	-
Schneider-Electric	Tsxh5744M Firmware	All versions
Schneider-Electric	Tsxh5744M	-
Schneider-Electric	Tsxh5724M Firmware	All versions
Schneider-Electric	Tsxh5724M	-
Schneider-Electric	Tsxp576634M Firmware	All versions
Schneider-Electric	Tsxp576634M	-
Schneider-Electric	Tsxp57554M Firmware	All versions
Schneider-Electric	Tsxp57554M	-
Schneider-Electric	Tsxp575634M Firmware	All versions
Schneider-Electric	Tsxp575634M	-
Schneider-Electric	Tsxp57454M Firmware	All versions
Schneider-Electric	Tsxp57454M	-
Schneider-Electric	Tsxp574634M Firmware	All versions
Schneider-Electric	Tsxp574634M	-
Schneider-Electric	Tsxp573634M Firmware	All versions
Schneider-Electric	Tsxp573634M	-

Related Weaknesses (CWE)

CWE-754

References

https://www.se.com/ww/en/download/document/SEVD-2020-070-02/Vendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2020-070-02/Vendor Advisory

FAQ

What is CVE-2020-7477?

CVE-2020-7477 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Etherne...

How severe is CVE-2020-7477?

CVE-2020-7477 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7477?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric 140Noe77101 Firmware, Schneider-Electric 140Noe77101, Schneider-Electric 140Noe77111 Firmware, Schneider-Electric 140Noe77111, Schneider-Electric Tsxh5744M Firmware.