{"api_version":"1","generated_at":"2026-04-23T04:10:21+00:00","cve":"CVE-2020-7485","urls":{"html":"https://cve.report/CVE-2020-7485","api":"https://cve.report/api/cve/CVE-2020-7485.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-7485","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-7485"},"summary":{"title":"CVE-2020-7485","description":"**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1","state":"PUBLIC","assigner":"cybersecurity@schneider-electric.com","published_at":"2020-04-16 19:15:00","updated_at":"2023-03-01 16:40:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01","refsource":"MISC","tags":[],"title":"Schneider Electric Triconex TriStation and Tricon Communication Module | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.se.com/ww/en/download/document/SESB-2020-105-01","name":"https://www.se.com/ww/en/download/document/SESB-2020-105-01","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Bulletin - Legacy Triconex Product Vulnerabilities (V2.1) | Schneider Electric","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-7485","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7485","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"7485","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_7","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7485","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_7","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7485","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_nt","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7485","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_nt","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7485","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7485","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7485","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"tristation_1131","cpe6":"4.10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7485","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"tristation_1131","cpe6":"4.12.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7485","vulnerable":"1","versionEndIncluding":"4.9.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"tristation_1131","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-7485","qid":"591256","title":"Schneider Electric Tricon Communication Module Multiple Vulnerabilities (ICSA-20-205-01, SESB-2020-105-01)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-7485","ASSIGNER":"cybersecurity@schneider-electric.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)","version":{"version_data":[{"version_value":"TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"improper access"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.se.com/ww/en/download/document/SESB-2020-105-01","url":"https://www.se.com/ww/en/download/document/SESB-2020-105-01"},{"refsource":"MISC","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01","url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01"}]},"description":{"description_data":[{"lang":"eng","value":"**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1"}]}},"nvd":{"publishedDate":"2020-04-16 19:15:00","lastModifiedDate":"2023-03-01 16:40:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:schneider-electric:tristation_1131:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"4.9.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:schneider-electric:tristation_1131:4.10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:schneider-electric:tristation_1131:4.12.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows_nt:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"7485","Ordinal":"167764","Title":"CVE-2020-7485","CVE":"CVE-2020-7485","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"7485","Ordinal":"1","NoteData":"**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1","Type":"Description","Title":null},{"CveYear":"2020","CveId":"7485","Ordinal":"2","NoteData":"2020-04-15","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"7485","Ordinal":"3","NoteData":"2020-07-30","Type":"Other","Title":"Modified"}]}}}