CVE-2020-6653

Published: Aug 12, 2020Modified: Jun 17, 2026

3.9

Vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.3 / Impact: 3.6

Source: NVD

Description

Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user's account and associated devices.

Affected (1)

Products: Eaton: Secureconnect

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Eaton Secureconnect	Up to 1.7.3

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-vulnerability-advisory-secure-connect-mobile-app.pdf

Source: CybersecurityCOE@eaton.com

Vendor Advisory

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-vulnerability-advisory-secure-connect-mobile-app.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.