CVE-2020-10922

Опубликовано: 23 июл. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of proper input validation prior to further processing user requests. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-10527.

Ссылки

https://www.zerodayinitiative.com/advisories/ZDI-20-809/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-809/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:automationdirect:c-more_hmi_ea9_firmware:6.52:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:automationdirect:ea9-pgmsw:-:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:ea9-rhmi:-:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:ea9-t10cl:-:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:ea9-t10wcl:-:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:ea9-t12cl:-:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:ea9-t15cl:-:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:ea9-t15cl-r:-:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:ea9-t6cl:-:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:ea9-t6cl-r:-:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:ea9-t7cl:-:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:ea9-t7cl-r:-:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:ea9-t8cl:-:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06752

Низкий

7.5 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-wcf2-mm7g-vqrm

github

больше 3 лет назад

EPSS

Процентиль: 91%

0.06752

Низкий

7.5 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20