IronMonkey Threat Research

CVE-2020-10628 HIGH

Published: 2020-06-26 | Last Modified: 2024-11-21 | Status: Modified

Description

ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network.

Additional Descriptions (1)

ControlEdge PLC (versions R130.2, R140, R150, and R151) and RTU (versions R101, R110, R140, R150, and R151) expose unencrypted passwords on the network.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source Type Description
[email protected] Secondary en CWE-319
[email protected] Primary en CWE-319

Affected Products

Vendor Product Version Update Type
honeywell controledge_plc_firmware r130.2 * Operating System
honeywell controledge_plc_firmware r140 * Operating System
honeywell controledge_plc_firmware r150 * Operating System
honeywell controledge_plc_firmware r151 * Operating System
honeywell controledge_rtu_firmware r101 * Operating System
honeywell controledge_rtu_firmware r110 * Operating System
honeywell controledge_rtu_firmware r140 * Operating System
honeywell controledge_rtu_firmware r150 * Operating System
honeywell controledge_rtu_firmware r151 * Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:controledge_plc_firmware:r130.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:honeywell:controledge_plc_firmware:r140:*:*:*:*:*:*:*
Yes cpe:2.3:o:honeywell:controledge_plc_firmware:r150:*:*:*:*:*:*:*
Yes cpe:2.3:o:honeywell:controledge_plc_firmware:r151:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:controledge_plc:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:controledge_rtu_firmware:r101:*:*:*:*:*:*:*
Yes cpe:2.3:o:honeywell:controledge_rtu_firmware:r110:*:*:*:*:*:*:*
Yes cpe:2.3:o:honeywell:controledge_rtu_firmware:r140:*:*:*:*:*:*:*
Yes cpe:2.3:o:honeywell:controledge_rtu_firmware:r150:*:*:*:*:*:*:*
Yes cpe:2.3:o:honeywell:controledge_rtu_firmware:r151:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:controledge_rtu:-:*:*:*:*:*:*:*

References
