exploitDog

CVE-2020-27299

Опубликовано: 26 янв. 2021

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsa-21-021-03
Third Party Advisory
US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-03
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:honeywell:opc_ua_tunneller:*:*:*:*:*:*:*:*

Версия до 6.3.0.8233 (исключая)

EPSS

Процентиль: 45%

0.00223

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-125

CWE-125

Связанные уязвимости

GHSA-jpv4-xx47-257g

github

больше 3 лет назад

The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).

EPSS

Процентиль: 45%

0.00223

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-125

CWE-125