
7 vulnerabilities found for OpenEnterprise SCADA Server by Emerson

VAR-202002-1226

Vulnerability from variot - Updated: 2024-11-23 22:41

A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. Emerson OpenEnterprise SCADA Server contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Emerson Electric OpenEnterprise SCADA Server is a set of SCADA (supervisory control and data acquisition) servers for remote oil and gas applications from Emerson Electric. The vulnerability originates from a network system or product incorrectly validating data boundaries when performing operations on memory, which causes incorrect read and write operations on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-1226",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openenterprise scada server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "3.1"
      },
      {
        "model": "openenterprise scada server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "3.3.3"
      },
      {
        "model": "openenterprise scada server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "2.8.3"
      },
      {
        "model": "openenterprise scada server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "emerson",
        "version": "2.83"
      },
      {
        "model": "openenterprise scada server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "emerson",
        "version": "3.1 \u304b\u3089 3.3.3"
      },
      {
        "model": "electric openenterprise",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "emerson",
        "version": "3.1,\u003c=3.3.3"
      },
      {
        "model": "electric openenterprise scada server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "emerson",
        "version": "2.83"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "openenterprise scada server",
        "version": "2.8.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "openenterprise scada server",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-13044"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002270"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6970"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:emerson:openenterprise_scada_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002270"
      }
    ]
  },
  "cve": "CVE-2020-6970",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-6970",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002270",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-13044",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "068866e6-31a8-4e1f-8661-0851e0aa77ef",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-6970",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002270",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-6970",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-002270",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-13044",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-923",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "068866e6-31a8-4e1f-8661-0851e0aa77ef",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-13044"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-923"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6970"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. Emerson OpenEnterprise SCADA Server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Emerson Electric OpenEnterprise SCADA Server is a set of data acquisition and monitoring system (SCADA) servers for remote oil and gas applications from Emerson Electric. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-6970"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002270"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-13044"
      },
      {
        "db": "IVD",
        "id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-6970",
        "trust": 3.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-049-02",
        "trust": 3.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-13044",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-923",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002270",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0626",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "47489",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "068866E6-31A8-4E1F-8661-0851E0AA77EF",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-13044"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-923"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6970"
      }
    ]
  },
  "id": "VAR-202002-1226",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-13044"
      }
    ],
    "trust": 1.6888889
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-13044"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:41:10.627000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OpenEnterprise SCADA Systems",
        "trust": 0.8,
        "url": "https://www.emerson.com/en-us/catalog/emerson-openenterprise-scada-systems"
      },
      {
        "title": "Patch for Emerson OpenEnterprise SCADA Server Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/203833"
      },
      {
        "title": "Emerson Electric OpenEnterprise SCADA Server Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110747"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13044"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-923"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-122",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002270"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6970"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6970"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6970"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47489"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0626/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13044"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-923"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6970"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-13044"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-923"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6970"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-18T00:00:00",
        "db": "IVD",
        "id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
      },
      {
        "date": "2020-02-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-13044"
      },
      {
        "date": "2020-03-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002270"
      },
      {
        "date": "2020-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-923"
      },
      {
        "date": "2020-02-19T21:15:11.653000",
        "db": "NVD",
        "id": "CVE-2020-6970"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-13044"
      },
      {
        "date": "2020-03-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002270"
      },
      {
        "date": "2020-08-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-923"
      },
      {
        "date": "2024-11-21T05:36:24.560000",
        "db": "NVD",
        "id": "CVE-2020-6970"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-923"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Emerson OpenEnterprise SCADA Server Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-13044"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "068866e6-31a8-4e1f-8661-0851e0aa77ef"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-923"
      }
    ],
    "trust": 0.8
  }
}

VAR-202008-1256

Vulnerability from variot - Updated: 2024-08-14 15:28

Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. OpenEnterprise is Emerson's industrial SCADA software.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202008-1256",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openenterprise scada server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "3.3.5"
      },
      {
        "model": "openenterprise scada server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": null
      },
      {
        "model": "openenterprise scada server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": "3.3.6  all previous  s"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007820"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16235"
      }
    ]
  },
  "cve": "CVE-2020-16235",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-16235",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.0,
            "id": "CVE-2020-16235",
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ics-cert@hq.dhs.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.0,
            "id": "CVE-2020-16235",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 3.8,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-007820",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-16235",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2020-16235",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-16235",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202008-1217",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1217"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16235"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16235"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. OpenEnterprise teeth Emerson Industrial SCADA It\u0027s software",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-16235"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007820"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-16235"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-16235",
        "trust": 3.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-238-02",
        "trust": 2.5
      },
      {
        "db": "JVN",
        "id": "JVNVU96730728",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007820",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2916",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1217",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-16235",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-16235"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1217"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16235"
      }
    ]
  },
  "id": "VAR-202008-1256",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.6666667
  },
  "last_update_date": "2024-08-14T15:28:03.675000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Emerson\u00a0SupportNet\u00a0( Login required )",
        "trust": 0.8,
        "url": "https://www3.emersonprocess.com/remote/support/v3/main.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007820"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.0
      },
      {
        "problemtype": "Inappropriate cryptographic strength (CWE-326) [IPA evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007820"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16235"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-238-02"
      },
      {
        "trust": 1.4,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-238-02"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu96730728/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16235"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2916/"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2020-16235/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-16235"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1217"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16235"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2020-16235"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1217"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-16235"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-16235"
      },
      {
        "date": "2020-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007820"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-1217"
      },
      {
        "date": "2022-05-19T18:15:08.550000",
        "db": "NVD",
        "id": "CVE-2020-16235"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-16235"
      },
      {
        "date": "2024-06-18T08:39:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-007820"
      },
      {
        "date": "2022-06-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-1217"
      },
      {
        "date": "2022-05-31T13:45:10.500000",
        "db": "NVD",
        "id": "CVE-2020-16235"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1217"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Emerson\u00a0 Made \u00a0OpenEnterprise\u00a0 Vulnerability of insufficient encryption strength",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-007820"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1217"
      }
    ],
    "trust": 0.6
  }
}

VAR-202005-1060

Vulnerability from variot - Updated: 2024-08-14 14:44

Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. OpenEnterprise is Emerson's industrial SCADA software. OpenEnterprise contains the following multiple vulnerabilities: * Improper ownership management (CWE-282) - CVE-2020-10632 * Inadequate cipher strength (CWE-326) - CVE-2020-10636 * Lack of authentication for critical features (CWE-306) - CVE-2020-10640. The potential impact varies by vulnerability: * Incorrect access permissions on folders in the system allow a local third party to tamper with important configuration files, resulting in system failures or unexpected behavior - CVE-2020-10632 * A local third party may obtain the password of an OpenEnterprise user account - CVE-2020-10636 * A remote third party may execute arbitrary commands with system privileges or execute arbitrary code via a specific communication path - CVE-2020-10640. Emerson Electric OpenEnterprise is a data acquisition and monitoring (SCADA) system from Emerson Electric, used mainly for remote oil and gas applications.

There is a security vulnerability in Emerson Electric OpenEnterprise 3.3.4 and earlier versions. The vulnerability results from the program setting unsafe permissions for folders. Attackers can use this vulnerability to modify important configuration files, causing system failures or anomalies. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202005-1060",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "electric openenterprise",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "\u003c=3.3.4"
      },
      {
        "model": "openenterprise scada server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "3.3.4"
      },
      {
        "model": "openenterprise scada server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": "3.3.4    all previous  s"
      },
      {
        "model": "openenterprise scada server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "21189bd7-874f-4161-b42a-d22194346b1c"
      },
      {
        "db": "IVD",
        "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32663"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10632"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Roman Lozko of Kaspersky",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-953"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-10632",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-10632",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2020-32663",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "21189bd7-874f-4161-b42a-d22194346b1c",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "83abc14e-eb03-44cf-90b6-cea015740c6c",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-10632",
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ics-cert@hq.dhs.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.0,
            "id": "CVE-2020-10632",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004589",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-10632",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2020-10632",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-10632",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-32663",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202005-953",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "21189bd7-874f-4161-b42a-d22194346b1c",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "83abc14e-eb03-44cf-90b6-cea015740c6c",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-10632",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "21189bd7-874f-4161-b42a-d22194346b1c"
      },
      {
        "db": "IVD",
        "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32663"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10632"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-953"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10632"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10632"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. OpenEnterprise teeth Emerson Industrial SCADA It\u0027s software. OpenEnterprise contains the following multiple vulnerabilities: * Improper ownership management (CWE-282) - CVE-2020-10632* Inadequate cipher strength (CWE-326) - CVE-2020-10636* Lack of authentication for critical features (CWE-306) - CVE-2020-10640The potential impact will vary for each vulnerability, but you may be affected by: * Incorrect settings of access permissions for folders in the system allow a local third party to tamper with important configuration files, resulting in system failures or unexpected behavior. - CVE-2020-10632* By a local third party OpenEnterprise The password of the user account is obtained - CVE-2020-10636* A remote third party may execute arbitrary commands with system privileges or execute arbitrary code via a specific communication path. - CVE-2020-10640. Emerson Electric OpenEnterprise is a set of data acquisition and monitoring system (SCADA) mainly used for remote oil and gas applications by Emerson Electric. \n\r\n\r\nThere is a security vulnerability in Emerson Electric OpenEnterprise 3.3.4 and earlier versions. The vulnerability results from the program setting unsafe permissions for folders. Attackers can use this vulnerability to modify important configuration files, causing system failures or anomalies. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-10632"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32663"
      },
      {
        "db": "IVD",
        "id": "21189bd7-874f-4161-b42a-d22194346b1c"
      },
      {
        "db": "IVD",
        "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10632"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-10632",
        "trust": 4.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-140-02",
        "trust": 3.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32663",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-953",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVNVU92838573",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "46744",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "21189BD7-874F-4161-B42A-D22194346B1C",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "83ABC14E-EB03-44CF-90B6-CEA015740C6C",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10632",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "21189bd7-874f-4161-b42a-d22194346b1c"
      },
      {
        "db": "IVD",
        "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32663"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10632"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-953"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10632"
      }
    ]
  },
  "id": "VAR-202005-1060",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "21189bd7-874f-4161-b42a-d22194346b1c"
      },
      {
        "db": "IVD",
        "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32663"
      }
    ],
    "trust": 1.83333335
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "21189bd7-874f-4161-b42a-d22194346b1c"
      },
      {
        "db": "IVD",
        "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32663"
      }
    ]
  },
  "last_update_date": "2024-08-14T14:44:50.176000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Emerson\u00a0SupportNet",
        "trust": 0.8,
        "url": "https://www3.emersonprocess.com/remote/support/v3/main.html"
      },
      {
        "title": "Patch for Emerson OpenEnterprise Rights Management Improper Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/221349"
      },
      {
        "title": "Emerson Electric OpenEnterprise Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119025"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32663"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-953"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-282",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10632"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-140-02"
      },
      {
        "trust": 1.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu92838573"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10632"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10636"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10640"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2020-10632/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/46744"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32663"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10632"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-953"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10632"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "21189bd7-874f-4161-b42a-d22194346b1c"
      },
      {
        "db": "IVD",
        "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32663"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-10632"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-953"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10632"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-19T00:00:00",
        "db": "IVD",
        "id": "21189bd7-874f-4161-b42a-d22194346b1c"
      },
      {
        "date": "2020-05-19T00:00:00",
        "db": "IVD",
        "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
      },
      {
        "date": "2020-06-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-32663"
      },
      {
        "date": "2022-02-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-10632"
      },
      {
        "date": "2020-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "date": "2020-05-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-953"
      },
      {
        "date": "2022-02-24T19:15:08.543000",
        "db": "NVD",
        "id": "CVE-2020-10632"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-32663"
      },
      {
        "date": "2022-03-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-10632"
      },
      {
        "date": "2024-06-20T09:12:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-953"
      },
      {
        "date": "2022-03-07T19:58:14.080000",
        "db": "NVD",
        "id": "CVE-2020-10632"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-953"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Emerson\u00a0 Made \u00a0OpenEnterprise\u00a0 Multiple vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "IVD",
        "id": "21189bd7-874f-4161-b42a-d22194346b1c"
      },
      {
        "db": "IVD",
        "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-953"
      }
    ],
    "trust": 1.0
  }
}

VAR-202005-1061

Vulnerability from variot - Updated: 2024-08-14 14:44

Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a specific communication service. OpenEnterprise is Emerson's industrial SCADA software. OpenEnterprise contains the following multiple vulnerabilities: * Improper ownership management (CWE-282) - CVE-2020-10632 * Inadequate cipher strength (CWE-326) - CVE-2020-10636 * Lack of authentication for critical features (CWE-306) - CVE-2020-10640. The potential impact will vary for each vulnerability, but you may be affected by: * Incorrect settings of access permissions for folders in the system allow a local third party to tamper with important configuration files, resulting in system failures or unexpected behavior - CVE-2020-10632 * A local third party may obtain the passwords of OpenEnterprise user accounts - CVE-2020-10636 * A remote third party may execute arbitrary commands with system privileges or execute arbitrary code via a specific communication path - CVE-2020-10640. Emerson Electric OpenEnterprise is a data acquisition and monitoring system (SCADA) from Emerson Electric, mainly used for remote oil and gas applications.

Emerson Electric OpenEnterprise 3.3.4 and previous versions have security vulnerabilities. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202005-1061",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "electric openenterprise",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "\u003c=3.3.4"
      },
      {
        "model": "openenterprise scada server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "3.3.4"
      },
      {
        "model": "openenterprise scada server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": "3.3.4    all previous  s"
      },
      {
        "model": "openenterprise scada server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
      },
      {
        "db": "IVD",
        "id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32664"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10640"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Roman Lozko of Kaspersky",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-959"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-10640",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-10640",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-32664",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "f79ad928-818e-44cd-b31c-fa78af6f0c02",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "86b065f4-46de-48ab-a901-1f7fa2d71b16",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-10640",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ics-cert@hq.dhs.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-10640",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 10.0,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004589",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-10640",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2020-10640",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-004589",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-32664",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202005-959",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "f79ad928-818e-44cd-b31c-fa78af6f0c02",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "86b065f4-46de-48ab-a901-1f7fa2d71b16",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
      },
      {
        "db": "IVD",
        "id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32664"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-959"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10640"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10640"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service. OpenEnterprise teeth Emerson Industrial SCADA It\u0027s software. OpenEnterprise contains the following multiple vulnerabilities: * Improper ownership management (CWE-282) - CVE-2020-10632* Inadequate cipher strength (CWE-326) - CVE-2020-10636* Lack of authentication for critical features (CWE-306) - CVE-2020-10640The potential impact will vary for each vulnerability, but you may be affected by: * Incorrect settings of access permissions for folders in the system allow a local third party to tamper with important configuration files, resulting in system failures or unexpected behavior. - CVE-2020-10640. Emerson Electric OpenEnterprise is a set of data acquisition and monitoring system (SCADA) mainly used for remote oil and gas applications by Emerson Electric. \n\r\n\r\nEmerson Electric OpenEnterprise 3.3.4 and previous versions have security vulnerabilities. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-10640"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32664"
      },
      {
        "db": "IVD",
        "id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
      },
      {
        "db": "IVD",
        "id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-10640",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-140-02",
        "trust": 3.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32664",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-959",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVNVU92838573",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "46743",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "F79AD928-818E-44CD-B31C-FA78AF6F0C02",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "86B065F4-46DE-48AB-A901-1F7FA2D71B16",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
      },
      {
        "db": "IVD",
        "id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32664"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-959"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10640"
      }
    ]
  },
  "id": "VAR-202005-1061",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
      },
      {
        "db": "IVD",
        "id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32664"
      }
    ],
    "trust": 1.83333335
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
      },
      {
        "db": "IVD",
        "id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32664"
      }
    ]
  },
  "last_update_date": "2024-08-14T14:44:50.113000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Emerson\u00a0SupportNet",
        "trust": 0.8,
        "url": "https://www3.emersonprocess.com/remote/support/v3/main.html"
      },
      {
        "title": "Patch for Emerson OpenEnterprise key function certification missing vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/221353"
      },
      {
        "title": "Emerson Electric OpenEnterprise Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119031"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32664"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-959"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10640"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-140-02"
      },
      {
        "trust": 1.6,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu92838573"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10632"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10636"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10640"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/46743"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2020-10640/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32664"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-959"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10640"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
      },
      {
        "db": "IVD",
        "id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32664"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-959"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10640"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-19T00:00:00",
        "db": "IVD",
        "id": "f79ad928-818e-44cd-b31c-fa78af6f0c02"
      },
      {
        "date": "2020-05-19T00:00:00",
        "db": "IVD",
        "id": "86b065f4-46de-48ab-a901-1f7fa2d71b16"
      },
      {
        "date": "2020-06-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-32664"
      },
      {
        "date": "2020-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "date": "2020-05-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-959"
      },
      {
        "date": "2022-02-24T19:15:08.707000",
        "db": "NVD",
        "id": "CVE-2020-10640"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-32664"
      },
      {
        "date": "2024-06-20T09:12:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "date": "2022-03-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-959"
      },
      {
        "date": "2022-03-04T18:22:14.143000",
        "db": "NVD",
        "id": "CVE-2020-10640"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-959"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Emerson\u00a0 Made \u00a0OpenEnterprise\u00a0 Multiple vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-959"
      }
    ],
    "trust": 0.6
  }
}

VAR-202005-1059

Vulnerability from variot - Updated: 2024-08-14 14:44

Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. OpenEnterprise is Emerson's industrial SCADA software. OpenEnterprise contains the following multiple vulnerabilities: * Improper ownership management (CWE-282) - CVE-2020-10632 * Inadequate cipher strength (CWE-326) - CVE-2020-10636 * Lack of authentication for critical features (CWE-306) - CVE-2020-10640. The potential impact will vary for each vulnerability, but you may be affected by: * Incorrect settings of access permissions for folders in the system allow a local third party to tamper with important configuration files, resulting in system failures or unexpected behavior - CVE-2020-10632 * A local third party may obtain the passwords of OpenEnterprise user accounts - CVE-2020-10636 * A remote third party may execute arbitrary commands with system privileges or execute arbitrary code via a specific communication path - CVE-2020-10640. Emerson Electric OpenEnterprise is a data acquisition and monitoring system (SCADA) from Emerson Electric, mainly used for remote oil and gas applications. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202005-1059",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "electric openenterprise",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "\u003c=3.3.4"
      },
      {
        "model": "openenterprise scada server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "3.3.4"
      },
      {
        "model": "openenterprise scada server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": "3.3.4    all previous  s"
      },
      {
        "model": "openenterprise scada server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
      },
      {
        "db": "IVD",
        "id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32662"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10636"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Roman Lozko of Kaspersky",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-948"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-10636",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-10636",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2020-32662",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-10636",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ics-cert@hq.dhs.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.0,
            "id": "CVE-2020-10636",
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004589",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-10636",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "ics-cert@hq.dhs.gov",
            "id": "CVE-2020-10636",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-004589",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-32662",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202005-948",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
      },
      {
        "db": "IVD",
        "id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32662"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-948"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10636"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10636"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Inadequate encryption may allow the passwords for user accounts in Emerson OpenEnterprise versions through 3.3.4 to be obtained. OpenEnterprise is Emerson\u0027s industrial SCADA software. OpenEnterprise contains the following multiple vulnerabilities: * Improper ownership management (CWE-282) - CVE-2020-10632 * Inadequate cipher strength (CWE-326) - CVE-2020-10636 * Lack of authentication for critical features (CWE-306) - CVE-2020-10640 The potential impact will vary for each vulnerability, but you may be affected by: * Incorrect settings of access permissions for folders in the system allow a local third party to tamper with important configuration files, resulting in system failures or unexpected behavior. - CVE-2020-10632 * A local third party may obtain the password of an OpenEnterprise user account - CVE-2020-10636 * A remote third party may execute arbitrary commands with system privileges or execute arbitrary code via a specific communication path. - CVE-2020-10640. Emerson Electric OpenEnterprise is a data acquisition and monitoring (SCADA) system from Emerson Electric, mainly used for remote oil and gas applications. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-10636"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32662"
      },
      {
        "db": "IVD",
        "id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
      },
      {
        "db": "IVD",
        "id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-10636",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-140-02",
        "trust": 3.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32662",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-948",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVNVU92838573",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "46742",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "58031B0E-70FE-4E95-A4CC-8DDB87AAEFA9",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "F46ECF09-7F03-43D5-ADE5-B649BE1B7EDE",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
      },
      {
        "db": "IVD",
        "id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32662"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-948"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10636"
      }
    ]
  },
  "id": "VAR-202005-1059",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
      },
      {
        "db": "IVD",
        "id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32662"
      }
    ],
    "trust": 1.83333335
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
      },
      {
        "db": "IVD",
        "id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32662"
      }
    ]
  },
  "last_update_date": "2024-08-14T14:44:50.054000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Emerson\u00a0SupportNet",
        "trust": 0.8,
        "url": "https://www3.emersonprocess.com/remote/support/v3/main.html"
      },
      {
        "title": "Patch for Emerson Electric OpenEnterprise encryption problem vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/221347"
      },
      {
        "title": "Emerson Electric OpenEnterprise Fixes for encryption problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119021"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32662"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-948"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10636"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-140-02"
      },
      {
        "trust": 1.6,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu92838573"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10632"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10636"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10640"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/46742"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2020-10636/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32662"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-948"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10636"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
      },
      {
        "db": "IVD",
        "id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-32662"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-948"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10636"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-19T00:00:00",
        "db": "IVD",
        "id": "58031b0e-70fe-4e95-a4cc-8ddb87aaefa9"
      },
      {
        "date": "2020-05-19T00:00:00",
        "db": "IVD",
        "id": "f46ecf09-7f03-43d5-ade5-b649be1b7ede"
      },
      {
        "date": "2020-06-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-32662"
      },
      {
        "date": "2020-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "date": "2020-05-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-948"
      },
      {
        "date": "2022-02-24T19:15:08.653000",
        "db": "NVD",
        "id": "CVE-2020-10636"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-32662"
      },
      {
        "date": "2024-06-20T09:12:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004589"
      },
      {
        "date": "2022-03-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-948"
      },
      {
        "date": "2022-03-07T20:04:32.380000",
        "db": "NVD",
        "id": "CVE-2020-10636"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-948"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Emerson Electric OpenEnterprise encryption problem vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-32662"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-948"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-948"
      }
    ],
    "trust": 0.6
  }
}

CVE-2020-6970 (GCVE-0-2020-6970)

Vulnerability from nvd – Published: 2020-02-19 20:19 – Updated: 2024-08-04 09:18
Summary
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.
Severity ?
No CVSS data available.
CWE
  • CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
Assigner
References
Impacted products
Vendor Product Version
Emerson OpenEnterprise SCADA Server Affected: 2.83 (if Modbus or ROC Interfaces have been installed and are in use)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:02.389Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenEnterprise SCADA Server",
          "vendor": "Emerson",
          "versions": [
            {
              "status": "affected",
              "version": "2.83 (if Modbus or ROC Interfaces have been installed and are in use)"
            }
          ]
        },
        {
          "product": "OpenEnterprise",
          "vendor": "Emerson",
          "versions": [
            {
              "status": "affected",
              "version": "3.1 through 3.3.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-19T20:19:55",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-6970",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenEnterprise SCADA Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.83 (if Modbus or ROC Interfaces have been installed and are in use)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OpenEnterprise",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.1 through 3.3.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Emerson"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-6970",
    "datePublished": "2020-02-19T20:19:55",
    "dateReserved": "2020-01-14T00:00:00",
    "dateUpdated": "2024-08-04T09:18:02.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-6970 (GCVE-0-2020-6970)

Vulnerability from cvelistv5 – Published: 2020-02-19 20:19 – Updated: 2024-08-04 09:18
Summary
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.
Severity ?
No CVSS data available.
CWE
  • CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
Assigner
References
Impacted products
Vendor Product Version
Emerson OpenEnterprise SCADA Server Affected: 2.83 (if Modbus or ROC Interfaces have been installed and are in use)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:02.389Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenEnterprise SCADA Server",
          "vendor": "Emerson",
          "versions": [
            {
              "status": "affected",
              "version": "2.83 (if Modbus or ROC Interfaces have been installed and are in use)"
            }
          ]
        },
        {
          "product": "OpenEnterprise",
          "vendor": "Emerson",
          "versions": [
            {
              "status": "affected",
              "version": "3.1 through 3.3.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-19T20:19:55",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-6970",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenEnterprise SCADA Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.83 (if Modbus or ROC Interfaces have been installed and are in use)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OpenEnterprise",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.1 through 3.3.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Emerson"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-049-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-6970",
    "datePublished": "2020-02-19T20:19:55",
    "dateReserved": "2020-01-14T00:00:00",
    "dateUpdated": "2024-08-04T09:18:02.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}