Design/Logic Flaw

2020-09-1514:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

42.5%

JSON

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service’s DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.

CPENameOperatorVersion
command_centreeq8.20.1166
command_centrege8.20
command_centrelt8.20.1166
command_centreeq8.10.1211
command_centrege8.10
command_centrelt8.10.1211
command_centreeq8.00.1228
command_centrege8.00
command_centrelt8.00.1228

Name	Operator	Version
command_centre	eq	8.20.1166
command_centre	ge	8.20
command_centre	lt	8.20.1166
command_centre	eq	8.10.1211
command_centre	ge	8.10
command_centre	lt	8.10.1211
command_centre	eq	8.00.1228
command_centre	ge	8.00
command_centre	lt	8.00.1228

References

security.gallagher.com/Security-Advisories/CVE-2020-16100

0.001 Low

EPSS

Percentile

42.5%

JSON

Related for PRION:CVE-2020-16100