Schneider-electric Easergy T300 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Schneider-electric Easergy T300 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2020-28215 — CVSS 9.8 (critical): A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems…
CVE-2020-7508 — CVSS 9.8 (critical): A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older)…
CVE-2020-7561 — CVSS 9.8 (critical): A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause…
CVE-2020-7512 — CVSS 9.8 (critical): A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version…
CVE-2020-25176 — CVSS 9.1 (critical): Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file…
CVE-2020-7503 — CVSS 8.8 (high): A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an…
CVE-2020-25184 — CVSS 7.8 (high): Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the…
CVE-2020-7506 — CVSS 7.5 (high): A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or…
CVE-2020-25178 — CVSS 7.5 (high): ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol…
CVE-2020-28216 — CVSS 7.5 (high): A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker…
CVE-2020-28217 — CVSS 7.5 (high): A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker…
CVE-2020-7507 — CVSS 7.5 (high): A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an…
CVE-2020-7510 — CVSS 7.5 (high): A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to…
CVE-2020-7511 — CVSS 7.5 (high): A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which…
CVE-2020-7513 — CVSS 7.5 (high): A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could…
CVE-2021-22771 — CVSS 7.3 (high): A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older…
CVE-2020-7509 — CVSS 7.2 (high): A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow…
CVE-2020-7505 — CVSS 7.2 (high): A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could…
CVE-2020-25182 — CVSS 6.7 (medium): Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic…
CVE-2020-28218 — CVSS 6.5 (medium): A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would…
CVE-2021-22770 — CVSS 6.5 (medium): A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to…
CVE-2020-7504 — CVSS 5.3 (medium): A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker…
CVE-2020-25180 — CVSS 5.3 (medium): Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute…
CVE-2021-22769 — CVSS 4.3 (medium): A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that…