Vulnerability Details : CVE-2020-7483
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 to confirm that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.
Products affected by CVE-2020-7483
- Schneider-electric » Tristation 1131: versions from 1.0 (inclusive, >=) up to 4.12.0 (inclusive, <=). CPE: cpe:2.3:a:schneider-electric:tristation_1131:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-7483
- EPSS score: 0.12% (probability of exploitation activity in the next 30 days)
- Percentile: ~27% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-7483
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2020-7483
- The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-7483
- https://www.se.com/ww/en/download/document/SESB-2020-105-01
  Security Bulletin - Legacy Triconex Product Vulnerabilities | Schneider Electric (Vendor Advisory)
- https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01
  Schneider Electric Triconex TriStation and Tricon Communication Module | CISA (Third Party Advisory; US Government Resource)