CVE-2020-9045

EPSS 0.13%
Veröffentlicht 21.05.2020 15:15:10
Zuletzt bearbeitet 21.11.2024 05:39:53
Quelle productsecurity@jci.com
CVE-Watchlists
Login
Unerledigt
Login

During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tyco ≫ Victor Video Management System Version5.2

Johnsoncontrols ≫ C-cure 9000 Firmware Version2.70

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.334

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
productsecurity@jci.com	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://www.johnsoncontrols.com/cyber-solutions/security-advisories

Patch

Vendor Advisory

https://www.us-cert.gov/ics/advisories/ICSA-20-142-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-9045

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-9045

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-9045

EUVD