Lucene search

INCIBECVELIST:CVE-2020-8976

HistoryOct 17, 2022 - 9:18 p.m.

CVE-2020-8976 ZGR TPS200 Cross-Site Request Forgery (CSRF)

2022-10-1721:18:06

CWE-352

INCIBE

www.cve.org

cve-2020-8976

cross-site request forgery

zgr tps200

remote attack

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

36.3%

JSON

The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ZGR TPS200 NG",
    "vendor": "ZGR",
    "versions": [
      {
        "status": "affected",
        "version": "2.00 firmware version 2.00"
      },
      {
        "status": "affected",
        "version": "1.01 hardware version 1.01"
      }
    ]
  }
]

References

www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

36.3%

JSON

Related for CVELIST:CVE-2020-8976