Lucene search

[email protected]CVE-2020-10628

HistoryJun 26, 2020 - 5:15 p.m.

CVE-2020-10628

2020-06-2617:15:10

CWE-319

[email protected]

web.nvd.nist.gov

controledge

plc

rtu

unencrypted passwords

network security

cve-2020-10628

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.0%

JSON

ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network.

Affected configurations

NVD

Node

honeywellcontroledge_plc_firmwareMatchr130.2

honeywellcontroledge_plc_firmwareMatchr140

honeywellcontroledge_plc_firmwareMatchr150

honeywellcontroledge_plc_firmwareMatchr151

AND

honeywellcontroledge_plcMatch-

Node

honeywellcontroledge_rtu_firmwareMatchr101

honeywellcontroledge_rtu_firmwareMatchr110

honeywellcontroledge_rtu_firmwareMatchr140

honeywellcontroledge_rtu_firmwareMatchr150

honeywellcontroledge_rtu_firmwareMatchr151

AND

honeywellcontroledge_rtuMatch-

CPENameOperatorVersion
honeywell:controledge_plc_firmwarehoneywell controledge plc firmwareeqr130.2
honeywell:controledge_plc_firmwarehoneywell controledge plc firmwareeqr140
honeywell:controledge_plc_firmwarehoneywell controledge plc firmwareeqr150
honeywell:controledge_plc_firmwarehoneywell controledge plc firmwareeqr151

CPE	Name	Operator	Version
honeywell:controledge_plc_firmware	honeywell controledge plc firmware	eq	r130.2
honeywell:controledge_plc_firmware	honeywell controledge plc firmware	eq	r140
honeywell:controledge_plc_firmware	honeywell controledge plc firmware	eq	r150
honeywell:controledge_plc_firmware	honeywell controledge plc firmware	eq	r151

CNA Affected

[
  {
    "product": "ControlEdge PLC",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "R130.2"
      },
      {
        "status": "affected",
        "version": "R140"
      },
      {
        "status": "affected",
        "version": "R150"
      },
      {
        "status": "affected",
        "version": "R151"
      }
    ]
  },
  {
    "product": "ControlEdge RTU",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "R101"
      },
      {
        "status": "affected",
        "version": "R110"
      },
      {
        "status": "affected",
        "version": "R140"
      },
      {
        "status": "affected",
        "version": "R150"
      },
      {
        "status": "affected",
        "version": "R151"
      }
    ]
  }
]

References

www.us-cert.gov/ics/advisories/icsa-20-175-02

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.0%

JSON

Related for CVE-2020-10628

nvd1 cvelist1 prion1 ics1