CVE-2020-28215 – CVE-2020-28215 is a missing authorization vulne... (How to Fix)

Q: What is the severity of CVE-2020-28215?

CVE-2020-28215 has a CVSS score of 9.8 (CRITICAL). CVE-2020-28215 is a missing authorization vulnerability in Schneider Electric's Easergy T300 firmware that allows attackers to bypass access controls. This could lead to information disclosure, denial of service, or remote code execution. Organizations using Easergy T300 devices with firmware version 2.7 or older are affected.

📋 TL;DR

CVE-2020-28215 is a missing authorization vulnerability in Schneider Electric's Easergy T300 firmware that allows attackers to bypass access controls. This could lead to information disclosure, denial of service, or remote code execution. Organizations using Easergy T300 devices with firmware version 2.7 or older are affected.

💻 Affected Systems

Products:

Schneider Electric Easergy T300

Versions: Firmware version 2.7 and older

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: This affects the embedded firmware of the Easergy T300 protection relay devices used in electrical substations and power distribution systems.

📦 What is this software?

Easergy T300 Firmware by Schneider Electric

View all CVEs affecting Easergy T300 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full control of the device, execute arbitrary code, disrupt power grid operations, and potentially pivot to other critical infrastructure systems.

🟠

Likely Case

Unauthorized access leading to information disclosure about grid configurations and potential denial of service affecting power monitoring capabilities.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing external exploitation, though internal threats remain possible.

🌐 Internet-Facing: HIGH - If devices are directly exposed to the internet, attackers can exploit this without authentication to gain control.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability to affect grid operations.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability allows bypassing authorization checks, making exploitation straightforward once access is obtained. No public exploit code has been released, but the nature of the vulnerability suggests it could be weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version 2.8 or newer

Vendor Advisory: https://www.se.com/ww/en/download/document/SEVD-2020-315-06/

Restart Required: Yes

Instructions:

1. Download firmware version 2.8 or newer from Schneider Electric's website. 2. Follow the firmware update procedure outlined in the Easergy T300 user manual. 3. Verify the firmware version after update. 4. Test device functionality post-update.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Easergy T300 devices in dedicated network segments with strict firewall rules

Access Control Lists

all

Implement strict network access controls allowing only authorized management systems to communicate with devices

🧯 If You Can't Patch

Implement strict network segmentation to isolate devices from untrusted networks
Deploy intrusion detection systems to monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check the firmware version via the device web interface or management software. If version is 2.7 or older, the device is vulnerable.

Check Version:

Use the device web interface or Schneider Electric's management software to check firmware version

Verify Fix Applied:

After updating, verify firmware version shows 2.8 or newer in the device interface.

📡 Detection & Monitoring

Log Indicators:

Unauthorized access attempts to device management interfaces
Unexpected firmware version changes
Unusual network connections to device ports

Network Indicators:

Unusual traffic patterns to/from Easergy T300 devices
Connection attempts from unauthorized IP addresses
Protocol anomalies in device communications

SIEM Query:

source="easergy_t300" AND (event_type="unauthorized_access" OR event_type="firmware_change")

📊 Metadata

CVE ID: CVE-2020-28215

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-862

Published: December 11, 2020

Last Updated: November 21, 2024

🔗 References

https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03 Third Party Advisory
https://www.se.com/ww/en/download/document/SEVD-2020-315-06/ Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03 Third Party Advisory
https://www.se.com/ww/en/download/document/SEVD-2020-315-06/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-28215, you might also want to check these: