Vulnerability Details : CVE-2020-7484
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.
Vulnerability category: Denial of service
Products affected by CVE-2020-7484
- cpe:2.3:a:schneider-electric:tristation_1131:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-7484
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-7484
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
References for CVE-2020-7484
-
https://www.se.com/ww/en/download/document/SESB-2020-105-01
Security Bulletin - Legacy Triconex Product Vulnerabilities | Schneider ElectricVendor Advisory
-
https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01
Schneider Electric Triconex TriStation and Tricon Communication Module | CISAThird Party Advisory;US Government Resource
Jump to