Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-6969 |
CWE-ID | CWE-522 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
C-More Touch Panels EA9 series Hardware solutions / Other hardware appliances |
Vendor | AutomationDirect |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU24933
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-6969
CWE-ID:
CWE-522 - Insufficiently Protected Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to access the target system and manipulate system configurations.
The vulnerability exists due to the affected software allows to unmask credentials and other sensitive information on “unprotected” project files. A remote attacker can get account information such as usernames and passwords, obscure or manipulate process data and lock out access to the device.
MitigationInstall updates from vendor's website.
Vulnerable software versionsC-More Touch Panels EA9 series: 5.0 - 6.52
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-20-035-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.