#VU29220 Cleartext transmission of sensitive information in ControlEdge PLC and ControlEdge RTU - CVE-2020-10624
Published: June 24, 2020
Vulnerability identifier: #VU29220
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-10624
CWE-ID: CWE-319
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ControlEdge PLC
ControlEdge RTU
ControlEdge PLC
ControlEdge RTU
Software vendor:
Honeywell International, Inc
Honeywell International, Inc
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data, such as session token.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.