Schneider-Electric: >> Easergy T300 Firmware >> 2.7 Security Vulnerabilities
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-12-11
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-12-11
A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted.
CVSS Score
9.8
EPSS Score
0.016
Published
2020-11-19
Page 2