CVE-2020-7505

HIGH

Schneider-electric Easergy T300 Firmware < 1.5.2 - Download Without Integrity Check

Title source: rule

Description

A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system.

References (1)

[Vendor Advisory] https://www.se.com/ww/en/download/document/SEVD-2020-161-04

Scores

CVSS v3 7.2

EPSS 0.0035

EPSS Percentile 57.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-494

Status published

Products (1)

schneider-electric/easergy_t300_firmware < 1.5.2

Published Jun 16, 2020

Tracked Since Feb 18, 2026