SB2020070806 - Multiple vulnerabilities in Grundfos CIM 500

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020070806

SB2020070806 - Multiple vulnerabilities in Grundfos CIM 500

Published: July 8, 2020

Security Bulletin ID SB2020070806
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Missing Authentication for Critical Function (CVE-ID: CVE-2020-10605)

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due the affected product responds to unauthenticated requests for password storage files. A remote attacker can gain access to sensitive information on the target system.


2) Unprotected storage of credentials (CVE-ID: CVE-2020-10609)

The vulnerability allows a remote attacker to gain access to other users' credentials.

The vulnerability exists due to application stored credentials in plain text in a configuration file on the system. A remote attacker can view contents of the configuration file and gain access to passwords for 3rd party integration.


Remediation

Install update from vendor's website.

References