Main Vulnerability Database SB2020020503

SB2020020503 - Insufficiently protected credentials in AutomationDirect C-More Touch Panels

Published: February 5, 2020

Security Bulletin ID SB2020020503

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Insufficiently protected credentials (CVE-ID: CVE-2020-6969)

The vulnerability allows a remote attacker to access the target system and manipulate system configurations.

The vulnerability exists due to the affected software allows to unmask credentials and other sensitive information on “unprotected” project files. A remote attacker can get account information such as usernames and passwords, obscure or manipulate process data and lock out access to the device.

Remediation

Install update from vendor's website.

References

https://ics-cert.us-cert.gov/advisories/icsa-20-035-01