CVE-2020-25195

EPSS 0.23%
Veröffentlicht 15.12.2020 20:15:15
Zuletzt bearbeitet 21.11.2024 05:17:36
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hosteng ≫ H0-ecom100 Firmware Version <= 4.0.348

Hosteng ≫ H0-ecom100 Version6

Hosteng ≫ H0-ecom100 Firmware Version <= 4.1.113

Hosteng ≫ H0-ecom100 Version7

Hosteng ≫ H0-ecom100 Firmware Version <= 5.0.149

Hosteng ≫ H0-ecom100 Version9

Hosteng ≫ H2-ecom100 Firmware Version <= 4.0.2148

Hosteng ≫ H2-ecom100 Version5

Hosteng ≫ H2-ecom100 Firmware Version <= 5.0.1043

Hosteng ≫ H2-ecom100 Version8

Hosteng ≫ H4-ecom100 Firmware Version <= 4.0.2148

Hosteng ≫ H4-ecom100 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.427

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-25195

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-25195

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-25195

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-25195