Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-23 | CVE-2020-7517 | Cleartext Storage of Sensitive Information vulnerability in Schneider-Electric Easergy Builder 1.4.7.2 A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials. | 5.5 |
| 2020-07-23 | CVE-2020-7516 | Unspecified vulnerability in Schneider-Electric Easergy Builder 1.4.7.2 A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials. | 7.8 |
| 2020-07-23 | CVE-2020-7515 | Unspecified vulnerability in Schneider-Electric Easergy Builder 1.4.7.2 A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password. | 7.8 |
| 2020-07-23 | CVE-2020-7514 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Schneider-Electric Easergy Builder 1.4.7.2 A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access. | 7.8 |
| 2020-07-23 | CVE-2020-7491 | Unspecified vulnerability in Schneider-Electric products **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. | 7.5 |
| 2020-06-16 | CVE-2020-7513 | Cleartext Storage of Sensitive Information vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data. | 7.5 |
| 2020-06-16 | CVE-2020-7512 | Unspecified vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component. | 9.8 |
| 2020-06-16 | CVE-2020-7511 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force. | 7.5 |
| 2020-06-16 | CVE-2020-7510 | Information Exposure vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys. | 7.5 |
| 2020-06-16 | CVE-2020-7509 | Improper Privilege Management vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files. | 7.2 |