CVE-2020-7506
HIGHEasergy T300 Firmware <= 1.5.2 - Information Exposure via Firmware Archive Handling
Title source: llmDescription
A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-161-04
Scores
CVSS v3
7.5
EPSS
0.0032
EPSS Percentile
54.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
schneider-electric/easergy_t300_firmware
< 1.5.2
Published
Jun 16, 2020
Tracked Since
Feb 18, 2026