Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2020-7483

Cleartext Transmission of Sensitive Information

Published: Apr 16, 2020 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2020-7483
CWEhttps://cwe.mitre.org/data/definitions/319.html

VERSION NOT SUPPORTED WHEN ASSIGNED A vulnerability could cause certain data to be visible on the network when the password feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The password feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.

Weakness

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Affected Software

Name Vendor Start Version End Version
Tristation_1131 Schneider-electric 1.0 (including) 4.12.0 (including)

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use