Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-10919

Опубликовано: 23 июл. 2020
Источник: nvd
CVSS3: 5.9
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:automationdirect:c-more_hmi_ea9_firmware:6.52:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:automationdirect:ea9-pgmsw:-:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:ea9-rhmi:-:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:ea9-t10cl:-:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:ea9-t10wcl:-:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:ea9-t12cl:-:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:ea9-t15cl:-:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:ea9-t15cl-r:-:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:ea9-t6cl:-:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:ea9-t6cl-r:-:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:ea9-t7cl:-:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:ea9-t7cl-r:-:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:ea9-t8cl:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.01041
Низкий

5.9 Medium

CVSS3

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-261
CWE-326

Связанные уязвимости

github логотип

GHSA-9w5v-rmgq-p82g

CVSS3: 5.9
github
больше 3 лет назад

This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format using a hard-coded key. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185.

EPSS

Процентиль: 77%
0.01041
Низкий

5.9 Medium

CVSS3

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-261
CWE-326