#VU25418 Incorrect permission assignment for critical resource in Emalytics Controller ILC 2050 BI and Emalytics Controller ILC 2050 BI-L - CVE-2020-8768 

 


Published: February 18, 2020


Vulnerability identifier: #VU25418
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-8768
CWE-ID: CWE-732
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Emalytics Controller ILC 2050 BI
Emalytics Controller ILC 2050 BI-L
Software vendor:
Phoenix Contact GmbH

Description

The vulnerability allows a remote attacker to gain access to unintended functionality on the target system.

The vulnerability exists due to an insecure mechanism for read and write access to the configuration of the device. A remote attacker can examine a link on the website of the device, discover this mechanism, change the device configuration and start or stop services.

Remediation

Install updates from the vendor's website.

External links