CVE-2020-7484

Опубликовано: 16 апр. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 4.3

EPSS Низкий

Описание

VERSION NOT SUPPORTED WHEN ASSIGNED A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01
Third Party Advisory
US Government Resource
https://www.se.com/ww/en/download/document/SESB-2020-105-01
Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01
Third Party Advisory
US Government Resource
https://www.se.com/ww/en/download/document/SESB-2020-105-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:schneider-electric:tristation_1131:*:*:*:*:*:*:*:*

Версия от 1.0 (включая) до 4.13.0 (исключая)

Одно из

cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_nt:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00307

Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-4xr5-jcrf-96w3

github

больше 3 лет назад

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.

BDU:2020-01901