Main Vulnerability Database Vulnerabilities #VU41128

#VU41128 Information disclosure in SAE International products - CVE-2020-14514

Published: August 10, 2020

Vulnerability identifier: #VU41128

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-14514

CWE-ID: CWE-200

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
J2497
Power Line Communications Bus
PLC4TRUCKS

Software vendor:
SAE International

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet away. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsa-20-219-01

#VU41128 Information disclosure in SAE International products - CVE-2020-14514

Description

Remediation

External links

Please verify you're human