CVE-2020-7491
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.
**VERSION NO SOPORTADA CUANDO SE ASIGNÓ** Una cuenta de puerto de depuración heredada en los TCM instalados en sistema Tricon versiones 10.2.0 hasta 10.5.3, es visible en la red y podría permitir un acceso inapropiado. Esta vulnerabilidad es corregida en TCM versión 10.5.4
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-21 CVE Reserved
- 2020-07-23 CVE Published
- 2023-04-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.se.com/ww/en/download/document/SESB-2020-105-01 | 2022-04-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Tricon Tcm 4351 Firmware Search vendor "Schneider-electric" for product "Tricon Tcm 4351 Firmware" | >= 10.2.0 < 10.5.4 Search vendor "Schneider-electric" for product "Tricon Tcm 4351 Firmware" and version " >= 10.2.0 < 10.5.4" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tricon Tcm 4351 Search vendor "Schneider-electric" for product "Tricon Tcm 4351" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tricon Tcm 4352 Firmware Search vendor "Schneider-electric" for product "Tricon Tcm 4352 Firmware" | >= 10.2.0 < 10.5.4 Search vendor "Schneider-electric" for product "Tricon Tcm 4352 Firmware" and version " >= 10.2.0 < 10.5.4" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tricon Tcm 4352 Search vendor "Schneider-electric" for product "Tricon Tcm 4352" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tricon Tcm 4351a Firmware Search vendor "Schneider-electric" for product "Tricon Tcm 4351a Firmware" | >= 10.2.0 < 10.5.4 Search vendor "Schneider-electric" for product "Tricon Tcm 4351a Firmware" and version " >= 10.2.0 < 10.5.4" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tricon Tcm 4351a Search vendor "Schneider-electric" for product "Tricon Tcm 4351a" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tricon Tcm 4351b Firmware Search vendor "Schneider-electric" for product "Tricon Tcm 4351b Firmware" | >= 10.2.0 < 10.5.4 Search vendor "Schneider-electric" for product "Tricon Tcm 4351b Firmware" and version " >= 10.2.0 < 10.5.4" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tricon Tcm 4351b Search vendor "Schneider-electric" for product "Tricon Tcm 4351b" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tricon Tcm 4352a Firmware Search vendor "Schneider-electric" for product "Tricon Tcm 4352a Firmware" | >= 10.2.0 < 10.5.4 Search vendor "Schneider-electric" for product "Tricon Tcm 4352a Firmware" and version " >= 10.2.0 < 10.5.4" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tricon Tcm 4352a Search vendor "Schneider-electric" for product "Tricon Tcm 4352a" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tricon Tcm 4352b Firmware Search vendor "Schneider-electric" for product "Tricon Tcm 4352b Firmware" | >= 10.2.0 < 10.5.4 Search vendor "Schneider-electric" for product "Tricon Tcm 4352b Firmware" and version " >= 10.2.0 < 10.5.4" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tricon Tcm 4352b Search vendor "Schneider-electric" for product "Tricon Tcm 4352b" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tristation 1131 Firmware Search vendor "Schneider-electric" for product "Tristation 1131 Firmware" | >= 1.0.0 <= 4.9.0 Search vendor "Schneider-electric" for product "Tristation 1131 Firmware" and version " >= 1.0.0 <= 4.9.0" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tristation 1131 Search vendor "Schneider-electric" for product "Tristation 1131" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tristation 1131 Firmware Search vendor "Schneider-electric" for product "Tristation 1131 Firmware" | >= 4.10.0 <= 4.12.0 Search vendor "Schneider-electric" for product "Tristation 1131 Firmware" and version " >= 4.10.0 <= 4.12.0" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tristation 1131 Search vendor "Schneider-electric" for product "Tristation 1131" | - | - |
Safe
|