← Back

CVE-2020-10624

nvd nist
Published: Jun 26, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network.

Affected (9)

Honeywell
2 products
Controledge Plc Firmware
Controledge Rtu Firmware
Configuration A
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Honeywell
Controledge Plc Firmware
Version r130.2
Controledge Plc Firmware
Version r140
Controledge Plc Firmware
Version r150
Controledge Plc Firmware
Version r151
Running on/withPlatform Versions
Honeywell
Controledge Plc
All versions
Configuration B
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Honeywell
Controledge Rtu Firmware
Version r101
Controledge Rtu Firmware
Version r110
Controledge Rtu Firmware
Version r140
Controledge Rtu Firmware
Version r150
Controledge Rtu Firmware
Version r151
Running on/withPlatform Versions
Honeywell
Controledge Rtu
All versions

Related CWEs

CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.