cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-28218,https://securityvulnerability.io/vulnerability/CVE-2020-28218,Improper UI Layer Restriction Vulnerability in Easergy T300 by Schneider Electric,"The Easergy T300 by Schneider Electric has a vulnerability that allows an attacker to manipulate the user interface layers or frames. This could trick users into executing unintended actions, potentially leading to unauthorized access or control over system functionalities. It is crucial for users of this firmware version 2.7 and older to be aware of this risk and implement necessary security measures to safeguard against potential exploitation.",Schneider Electric,Easergy T300 (firmware 2.7 And Older),6.5,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2020-12-11T00:51:19.000Z,0
CVE-2020-28217,https://securityvulnerability.io/vulnerability/CVE-2020-28217,Missing Encryption Vulnerability in Easergy T300 by Schneider Electric,"A vulnerability exists in the Easergy T300 firmware versions 2.7 and older, which lacks proper encryption of sensitive data. This oversight allows an attacker to intercept and read network traffic sent via the HTTP protocol, potentially exposing confidential information. Organizations using affected versions of the Easergy T300 should consider immediate upgrades or mitigations to ensure their network security is not compromised. For further details, please refer to the official advisories.",Schneider Electric,Easergy T300 (firmware 2.7 And Older),7.5,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2020-12-11T00:51:15.000Z,0
CVE-2020-28216,https://securityvulnerability.io/vulnerability/CVE-2020-28216,Missing Encryption Vulnerability in Easergy T300 by Schneider Electric,"A vulnerability exists in Easergy T300 firmware versions up to 2.7, allowing malicious actors to intercept and read sensitive network traffic transmitted over the HTTP protocol. This issue arises from inadequate encryption measures, making data susceptible to unauthorized access. Organizations utilizing the impacted firmware versions should take immediate action to implement stronger encryption protocols to safeguard sensitive information against potential exploitation.",Schneider Electric,Easergy T300 (firmware 2.7 And Older),7.5,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2020-12-11T00:51:11.000Z,0
CVE-2020-28215,https://securityvulnerability.io/vulnerability/CVE-2020-28215,Missing Authorization Vulnerability in Easergy T300 by Schneider Electric,"The Easergy T300 device by Schneider Electric is affected by a missing authorization vulnerability that arises from inadequate access control checks. This oversight can lead to various security issues, including unauthorized information exposure, denial of service incidents, and the potential for arbitrary code execution. Organizations using firmware versions 2.7 and older should prioritize security measures to mitigate the risks associated with this vulnerability.",Schneider Electric,Easergy T300 (firmware 2.7 And Older),9.8,CRITICAL,0.004660000093281269,false,,false,false,false,,,false,false,,2020-12-11T00:51:07.000Z,0
CVE-2020-7561,https://securityvulnerability.io/vulnerability/CVE-2020-7561,Missing Authentication in Easergy T300 by Schneider Electric,"A significant security vulnerability exists in the Easergy T300, specifically affecting firmware versions 2.7 and older. This flaw allows unauthorized users to access critical functionalities without proper authentication. As a result, attackers could potentially expose sensitive information, disrupt service availability, or execute commands on the affected system. Addressing this issue is vital to maintaining the integrity and security of the devices.",Schneider Electric,Easergy T300 With Firmware 2.7 And Older,9.8,CRITICAL,0.003659999929368496,false,,false,false,false,,,false,false,,2020-11-19T00:00:00.000Z,0