Main Vulnerability Database Vulnerabilities #VU25447

Cleartext storage of sensitive information in INNControl 3 - CVE-2020-6968

Published: February 19, 2020

Vulnerability identifier: #VU25447

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-6968

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Honeywell International, Inc

Affected software:
INNControl 3

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the affected product allows workstation users to escalate application user privileges through the modification of local configuration files. A local user can escalate user privileges within the INNControl application.

How to mitigate CVE-2020-6968

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://ics-cert.us-cert.gov/advisories/icsa-20-049-01

Cleartext storage of sensitive information in INNControl 3 - CVE-2020-6968

Detailed vulnerability description

How to mitigate CVE-2020-6968

Sources

Please verify you're human