CVE-2020-6978 HIGH

Published: 2020-03-24 | Last Modified: 2024-11-21 | Status: Modified

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.

Additional Descriptions (1)

En Honeywell WIN-PAK versión 4.7.2, Web y versiones anteriores, el producto afectado es vulnerable debido al uso de bibliotecas jQuery antiguas.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 2.7

AV:N/AC:L/Au:N/C:P/I:P/A:N

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 4.9

Source	Type	Description
[email protected]	Secondary	en CWE-477
[email protected]	Primary	en NVD-CWE-Other

Vendor	Product	Version	Update	Type
honeywell	win-pak	*	<built-in method update of dict object at 0x7c3bf3a1dd40>	Application

Vulnerable	CPE
Yes	`cpe:2.3:a:honeywell:win-pak::::::::`

https://www.us-cert.gov/ics/advisories/icsa-20-056-05
Source: [email protected]

Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-056-05
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource