Vulnerability Details : CVE-2020-7491
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.
Products affected by CVE-2020-7491
- Schneider-electric » Tricon Tcm 4351 Firmware. Versions >= 10.2.0 and < 10.5.4. CPE: cpe:2.3:o:schneider-electric:tricon_tcm_4351_firmware:*:*:*:*:*:*:*:*
- Schneider-electric » Tricon Tcm 4352 Firmware. Versions >= 10.2.0 and < 10.5.4. CPE: cpe:2.3:o:schneider-electric:tricon_tcm_4352_firmware:*:*:*:*:*:*:*:*
- Schneider-electric » Tricon Tcm 4351a Firmware. Versions >= 10.2.0 and < 10.5.4. CPE: cpe:2.3:o:schneider-electric:tricon_tcm_4351a_firmware:*:*:*:*:*:*:*:*
- Schneider-electric » Tricon Tcm 4351b Firmware. Versions >= 10.2.0 and < 10.5.4. CPE: cpe:2.3:o:schneider-electric:tricon_tcm_4351b_firmware:*:*:*:*:*:*:*:*
- Schneider-electric » Tricon Tcm 4352a Firmware. Versions >= 10.2.0 and < 10.5.4. CPE: cpe:2.3:o:schneider-electric:tricon_tcm_4352a_firmware:*:*:*:*:*:*:*:*
- Schneider-electric » Tricon Tcm 4352b Firmware. Versions >= 10.2.0 and < 10.5.4. CPE: cpe:2.3:o:schneider-electric:tricon_tcm_4352b_firmware:*:*:*:*:*:*:*:*
- Schneider-electric » Tristation 1131 Firmware. Versions >= 4.10.0 and <= 4.12.0. CPE: cpe:2.3:o:schneider-electric:tristation_1131_firmware:*:*:*:*:*:*:*:*
- Schneider-electric » Tristation 1131 Firmware. Versions >= 1.0.0 and <= 4.9.0. CPE: cpe:2.3:o:schneider-electric:tristation_1131_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-7491
- 0.17%: probability of exploitation activity in the next 30 days
- ~53%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2020-7491
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
References for CVE-2020-7491
- https://www.se.com/ww/en/download/document/SESB-2020-105-01/
  Security Bulletin - Legacy Triconex Product Vulnerabilities (V2.1) | Schneider Electric (Vendor Advisory)
- https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01
  Schneider Electric Triconex TriStation and Tricon Communication Module | CISA (Third Party Advisory; US Government Resource)