VDB
SEVD-2020-315-06
SEVD-2020-315-06
PUBLISHED
CVSS 10 CRITICAL
Schneider Electric is aware of a vulnerability in its Easergy T300 RTU (Remote Terminal Unit). The Easergy T300 is a modular platform for medium voltage and low voltage public distribution network management. Failure to apply the remediation provided below may allow unauthorized access to the internal product LAN (local area network). December 2020 Update: Additional CVEs have been added to this disclosure (marked in red). No additional action is required for customers who have already followed the remediation instructions provided below.
Risk Scores
CVSS v3.1
10
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric Easergy T300 V2.7.1 | ||
| Schneider Electric Easergy T300 2.7 and older |
Timeline
- Nov 10, 2020 CVE Published
- Dec 8, 2020 CVE Updated
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-315-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2020-315-06_Easergy_T300_Security_Notification_V2.0.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-315-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2020-315-06.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://www.se.com/us/en/work/support/ fix