#VU29219 Cleartext transmission of sensitive information in ControlEdge PLC and ControlEdge RTU - CVE-2020-10628
Published: June 24, 2020
Vulnerability identifier: #VU29219
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-10628
CWE-ID: CWE-319
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ControlEdge PLC
ControlEdge RTU
ControlEdge PLC
ControlEdge RTU
Software vendor:
Honeywell International, Inc
Honeywell International, Inc
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data, such as passwords.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.