CVE-2020-7485

{"id": "CVE-2020-7485", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-04-16T19:15:34.777", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cybersecurity@se.com"}, {"url": "https://www.se.com/ww/en/download/document/SESB-2020-105-01", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1"}, {"lang": "es", "value": "**VERSI\u00d3N NO COMPATIBLE CUANDO SE ASIGN\u00d3** Una cuenta de soporte heredada en la versi\u00f3n v4.9.0 y anteriores del software TriStation podr\u00eda causar un acceso inapropiado a la m\u00e1quina host de TriStation. Esto fue abordado en TriStation versiones v4.9.1 y v4.10.1 publicadas en May 30, 2013.1"}], "lastModified": "2023-03-01T16:40:34.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:tristation_1131:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF85A1C1-5867-486A-8E17-36C83324329A", "versionEndIncluding": "4.9.0", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:schneider-electric:tristation_1131:4.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA77BE7C-A96A-460E-ABCE-7B578B8827D1"}, {"criteria": "cpe:2.3:a:schneider-electric:tristation_1131:4.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "325A4334-FF06-4F8A-9C3E-D2F37D32D8D9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51"}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "46E2D695-54F5-4D3E-B1F8-CABE51AE6064"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}