Main Vulnerability Database SB2020020503

SB2020020503 - Insufficiently protected credentials in AutomationDirect C-More Touch Panels

Published: February 5, 2020

Security Bulletin ID SB2020020503

CSH Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Insufficiently protected credentials (CVE-ID: CVE-2020-6969)

CWE-ID: CWE-522 - Insufficiently Protected Credentials

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to access the target system and manipulate system configurations.

The vulnerability exists due to the affected software allows to unmask credentials and other sensitive information on “unprotected” project files. A remote attacker can get account information such as usernames and passwords, obscure or manipulate process data and lock out access to the device.

Remediation

Install update from vendor's website.

References

https://ics-cert.us-cert.gov/advisories/icsa-20-035-01