Main Vulnerability Database SB2020072416

SB2020072416 - Hidden functionality in Schneider Electric Triconex TriStation

Published: July 24, 2020

Security Bulletin ID SB2020072416

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Hidden functionality (CVE-ID: CVE-2020-7485)

The vulnerability allows a local user to compromise vulnerable system

The vulnerability exists due to hidden functionality (backdoor) is present in software, related to a legacy support account. A local user can use this functionality to inappropriate access to the TriStation 1131 project file.

Remediation

Install update from vendor's website.

References

https://www.se.com/ww/en/download/document/SESB-2020-105-01