IM
IronMonkey Threat Research

CVE-2020-10624 HIGH

Published: 2020-06-26 | Last Modified: 2024-11-21 | Status: Modified

Description

ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network.

Additional Descriptions (1)

ControlEdge PLC (versiones R130.2, R140, R150 y R151) y RTU (versiones R101, R110, R140, R150 y R151), exponen un token de sesiĆ³n en la red

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-319
[email protected] Primary
en CWE-319

Affected Products

Vendor Product Version Update Type
honeywell controledge_plc_firmware r130.2 <built-in method update of dict object at 0x7c3c32d50940> Operating System
honeywell controledge_plc_firmware r140 <built-in method update of dict object at 0x7c3c40d4cd00> Operating System
honeywell controledge_plc_firmware r150 <built-in method update of dict object at 0x7c3c32d52300> Operating System
honeywell controledge_plc_firmware r151 <built-in method update of dict object at 0x7c3c32d51fc0> Operating System
honeywell controledge_rtu_firmware r101 <built-in method update of dict object at 0x7c3c32d53a80> Operating System
honeywell controledge_rtu_firmware r110 <built-in method update of dict object at 0x7c3c32d52e40> Operating System
honeywell controledge_rtu_firmware r140 <built-in method update of dict object at 0x7c3c2ab0d200> Operating System
honeywell controledge_rtu_firmware r150 <built-in method update of dict object at 0x7c3c2ab0dac0> Operating System
honeywell controledge_rtu_firmware r151 <built-in method update of dict object at 0x7c3c32d526c0> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:controledge_plc_firmware:r130.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:honeywell:controledge_plc_firmware:r140:*:*:*:*:*:*:*
Yes cpe:2.3:o:honeywell:controledge_plc_firmware:r150:*:*:*:*:*:*:*
Yes cpe:2.3:o:honeywell:controledge_plc_firmware:r151:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:controledge_plc:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:controledge_rtu_firmware:r101:*:*:*:*:*:*:*
Yes cpe:2.3:o:honeywell:controledge_rtu_firmware:r110:*:*:*:*:*:*:*
Yes cpe:2.3:o:honeywell:controledge_rtu_firmware:r140:*:*:*:*:*:*:*
Yes cpe:2.3:o:honeywell:controledge_rtu_firmware:r150:*:*:*:*:*:*:*
Yes cpe:2.3:o:honeywell:controledge_rtu_firmware:r151:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:controledge_rtu:-:*:*:*:*:*:*:*

References

Notification
Message here