CVE-2020-28217

HIGH

Schneider-electric Easergy T300 Firmware < 2.7 - Missing Encryption

Title source: rule

Description

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.

References (2)

[Vendor Advisory] https://www.se.com/ww/en/download/document/SEVD-2020-315-06/

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03

Scores

CVSS v3 7.5

EPSS 0.0006

EPSS Percentile 19.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-311

Status published

Products (1)

schneider-electric/easergy_t300_firmware < 2.7

Published Dec 11, 2020

Tracked Since Feb 18, 2026