Lucene search

[email protected]NVD:CVE-2020-10922

HistoryJul 23, 2020 - 4:15 p.m.

CVE-2020-10922

2020-07-2316:15:12

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.016

Percentile

87.6%

JSON

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of proper input validation prior to further processing user requests. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-10527.

Affected configurations

Nvd

Node

automationdirectc-more_hmi_ea9_firmwareMatch6.52

AND

automationdirectea9-pgmswMatch-

automationdirectea9-rhmiMatch-

automationdirectea9-t10clMatch-

automationdirectea9-t10wclMatch-

automationdirectea9-t12clMatch-

automationdirectea9-t15clMatch-

automationdirectea9-t15cl-rMatch-

automationdirectea9-t6clMatch-

automationdirectea9-t6cl-rMatch-

automationdirectea9-t7clMatch-

automationdirectea9-t7cl-rMatch-

automationdirectea9-t8clMatch-

VendorProductVersionCPE
automationdirectc-more_hmi_ea9_firmware6.52cpe:2.3:o:automationdirect:c-more_hmi_ea9_firmware:6.52:*:*:*:*:*:*:*
automationdirectea9-pgmsw-cpe:2.3:h:automationdirect:ea9-pgmsw:-:*:*:*:*:*:*:*
automationdirectea9-rhmi-cpe:2.3:h:automationdirect:ea9-rhmi:-:*:*:*:*:*:*:*
automationdirectea9-t10cl-cpe:2.3:h:automationdirect:ea9-t10cl:-:*:*:*:*:*:*:*
automationdirectea9-t10wcl-cpe:2.3:h:automationdirect:ea9-t10wcl:-:*:*:*:*:*:*:*
automationdirectea9-t12cl-cpe:2.3:h:automationdirect:ea9-t12cl:-:*:*:*:*:*:*:*
automationdirectea9-t15cl-cpe:2.3:h:automationdirect:ea9-t15cl:-:*:*:*:*:*:*:*
automationdirectea9-t15cl-r-cpe:2.3:h:automationdirect:ea9-t15cl-r:-:*:*:*:*:*:*:*
automationdirectea9-t6cl-cpe:2.3:h:automationdirect:ea9-t6cl:-:*:*:*:*:*:*:*
automationdirectea9-t6cl-r-cpe:2.3:h:automationdirect:ea9-t6cl-r:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
automationdirect	c-more_hmi_ea9_firmware	6.52	cpe:2.3:o:automationdirect:c-more_hmi_ea9_firmware:6.52:::::::*
automationdirect	ea9-pgmsw	-	cpe:2.3:h:automationdirect:ea9-pgmsw:-:::::::*
automationdirect	ea9-rhmi	-	cpe:2.3:h:automationdirect:ea9-rhmi:-:::::::*
automationdirect	ea9-t10cl	-	cpe:2.3:h:automationdirect:ea9-t10cl:-:::::::*
automationdirect	ea9-t10wcl	-	cpe:2.3:h:automationdirect:ea9-t10wcl:-:::::::*
automationdirect	ea9-t12cl	-	cpe:2.3:h:automationdirect:ea9-t12cl:-:::::::*
automationdirect	ea9-t15cl	-	cpe:2.3:h:automationdirect:ea9-t15cl:-:::::::*
automationdirect	ea9-t15cl-r	-	cpe:2.3:h:automationdirect:ea9-t15cl-r:-:::::::*
automationdirect	ea9-t6cl	-	cpe:2.3:h:automationdirect:ea9-t6cl:-:::::::*
automationdirect	ea9-t6cl-r	-	cpe:2.3:h:automationdirect:ea9-t6cl-r:-:::::::*

Rows per page:

1-10 of 131

References

www.zerodayinitiative.com/advisories/ZDI-20-809/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.016

Percentile

87.6%

JSON

Related for NVD:CVE-2020-10922

cvelist1 cve1 prion1 zdi1