Lucene search

K
cve[email protected]CVE-2020-25195
HistoryDec 15, 2020 - 8:15 p.m.

CVE-2020-25195

2020-12-1520:15:15
CWE-20
web.nvd.nist.gov
20
cve-2020-25195
host engineering
ecom100
input field
length verification
client side
configuration web server
security vulnerability
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

41.4%

The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.

Affected configurations

NVD
Node
hostengh0-ecom100Match6
AND
hostengh0-ecom100_firmwareRange4.0.348
Node
hostengh0-ecom100_firmwareRange4.1.113
AND
hostengh0-ecom100Match7
Node
hostengh0-ecom100Match9
AND
hostengh0-ecom100_firmwareRange5.0.149
Node
hostengh2-ecom100Match5
AND
hostengh2-ecom100_firmwareRange4.0.2148
Node
hostengh2-ecom100Match8
AND
hostengh2-ecom100_firmwareRange5.0.1043
Node
hostengh4-ecom100Match-
AND
hostengh4-ecom100_firmwareRange4.0.2148

CNA Affected

[
  {
    "product": "Host Engineering H0-ECOM100 Module",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Hardware Versions 6x and prior with Firmware Versions 4.0.348 and prior"
      },
      {
        "status": "affected",
        "version": "Hardware Version 7x with Firmware Versions 4.1.113 and prior"
      },
      {
        "status": "affected",
        "version": "Hardware Version 9x with Firmware Versions 5.0.149 and prior"
      }
    ]
  },
  {
    "product": "Host Engineering H2-ECOM100 Module",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Hardware Versions 5x and prior with Firmware Versions 4.0.2148 and prior"
      },
      {
        "status": "affected",
        "version": "Hardware Version 8x with Firmware Versions 5.0.1043 and prior"
      }
    ]
  },
  {
    "product": "Host Engineering H4-ECOM100 Module",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware Versions 4.0.2148 and prior"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

41.4%

Related for CVE-2020-25195