Lucene search

KasperskyCVELIST:CVE-2020-26867

HistoryOct 12, 2020 - 1:54 p.m.

CVE-2020-26867 ARC Informatique PcVue Deserialization of Untrusted Data

2020-10-1213:54:47

CWE-502

Kaspersky

www.cve.org

cve-2020-26867

arc informatique

pcvue

deserialization

untrusted data

remote code execution

web server

mobile server

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.021

Percentile

89.4%

JSON

ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.

CNA Affected

[
  {
    "product": "PcVue",
    "vendor": "ARC Informatique",
    "versions": [
      {
        "lessThanOrEqual": "12.0.17",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-015-remote-code-execution-in-arc-informatique-pcvue/

us-cert.cisa.gov/ics/advisories/icsa-20-308-03

www.pcvuesolutions.com/security

www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.021

Percentile

89.4%

JSON

Related for CVELIST:CVE-2020-26867