Description
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.se.com/ww/en/download/document/SESB-2020-105-01/
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01
Scores
CVSS v3
7.5
EPSS
0.0025
EPSS Percentile
48.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (7)
schneider-electric/tricon_tcm_4351_firmware
10.2.0 - 10.5.4
schneider-electric/tricon_tcm_4351a_firmware
10.2.0 - 10.5.4
schneider-electric/tricon_tcm_4351b_firmware
10.2.0 - 10.5.4
schneider-electric/tricon_tcm_4352_firmware
10.2.0 - 10.5.4
schneider-electric/tricon_tcm_4352a_firmware
10.2.0 - 10.5.4
schneider-electric/tricon_tcm_4352b_firmware
10.2.0 - 10.5.4
schneider-electric/tristation_1131_firmware
1.0.0 - 4.9.0
Published
Jul 23, 2020
Tracked Since
Feb 18, 2026