CVE-2020-7491

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.se.com/ww/en/download/document/SESB-2020-105-01/	Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:tricon_tcm_4351_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tricon_tcm_4351:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:tricon_tcm_4352_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tricon_tcm_4352:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:tricon_tcm_4351a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tricon_tcm_4351a:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:tricon_tcm_4351b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tricon_tcm_4351b:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:tricon_tcm_4352a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tricon_tcm_4352a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:tricon_tcm_4352b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tricon_tcm_4352b:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:schneider-electric:tristation_1131_firmware::::::::
	cpe:2.3:o:schneider-electric:tristation_1131_firmware::::::::

cpe:2.3:h:schneider-electric:tristation_1131:-:*:*:*:*:*:*:*

Information

Published : 2020-07-23 14:15

Updated : 2022-04-27 09:28

NVD link : CVE-2020-7491

Mitre link : CVE-2020-7491

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

schneider-electric

tricon_tcm_4351
tricon_tcm_4352a_firmware
tricon_tcm_4352b
tricon_tcm_4352
tristation_1131_firmware
tricon_tcm_4351a_firmware
tricon_tcm_4352a
tricon_tcm_4351_firmware
tricon_tcm_4351b_firmware
tricon_tcm_4351b
tristation_1131
tricon_tcm_4351a
tricon_tcm_4352b_firmware
tricon_tcm_4352_firmware

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2020-7491

7.5^/10

5.0^/10

Attach tags to `CVE-2020-7491`