Main Vulnerability Database SB2020081004

SB2020081004 - Information disclosure in Trailer Power Line Communications

Published: August 10, 2020

Security Bulletin ID SB2020081004

CSH Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Information disclosure (CVE-ID: CVE-2020-14514)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet away. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://ics-cert.us-cert.gov/advisories/icsa-20-219-01

SB2020081004 - Information disclosure in Trailer Power Line Communications

Breakdown by Severity

Description

Remediation

References

Please verify you're human