IM
IronMonkey Threat Research

CVE-2020-6968 HIGH

Published: 2020-02-20 | Last Modified: 2024-11-21 | Status: Modified

Description

Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files.

Additional Descriptions (1)

Honeywell INNCOM INNControl 3, permite a usuarios de estación de trabajo escalar privilegios a usuarios de aplicación mediante la modificación de los archivos de configuración local.

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Base Score: 4.6 (MEDIUM)

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access VectorLOCAL
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 6.4

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-269
[email protected] Primary
en CWE-269

Affected Products

Vendor Product Version Update Type
honeywell inncom_inncontrol_firmware * <built-in method update of dict object at 0x7c3c40d4d800> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:honeywell:inncom_inncontrol_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:honeywell:inncom_inncontrol:-:*:*:*:*:*:*:*

References

Notification
Message here