- Description
- A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system.
- Source
- cybersecurity@se.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CBB5E3FB-9929-419B-A92F-7D0AD3CEC5FE",
"versionEndIncluding": "1.5.2"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "45E6C3FA-001D-449A-A512-327FA0C9AC5A"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]