Vulnerability-Lookup

GHSA-V536-97C8-3VW5

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-05-24 17:25

Details

Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user's account and associated devices.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-6653"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-12T17:15:00Z",
    "severity": "LOW"
  },
  "details": "Eaton\u0027s Secure connect mobile app v1.7.3 \u0026 prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user\u0027s account and associated devices.",
  "id": "GHSA-v536-97c8-3vw5",
  "modified": "2022-05-24T17:25:27Z",
  "published": "2022-05-24T17:25:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6653"
    },
    {
      "type": "WEB",
      "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-vulnerability-advisory-secure-connect-mobile-app.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2020-6653 (GCVE-0-2020-6653)

Vulnerability from cvelistv5 – Published: 2020-08-12 16:03 – Updated: 2024-09-17 00:47

Title

Sensitive date stored in logcat file

Summary

Severity

3.8 (Low)


                        
                          CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - Information Exposure
CWE-532 - Information Exposure Through Log Files

Assigner

Eaton

References

1 reference

URL	Tags
https://www.eaton.com/content/dam/eaton/company/n…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Eaton	Secure Connect Mobile App	Affected: unspecified , ≤ 1.7.3 (custom)

Date Public

2020-08-05 00:00

Credits

Eaton would like to thank Vishal Bharad for working with Eaton and helping Eaton in releasing more robust and secure products.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:11:04.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-vulnerability-advisory-secure-connect-mobile-app.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Secure Connect Mobile App",
          "vendor": "Eaton",
          "versions": [
            {
              "lessThanOrEqual": "1.7.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Eaton would like to thank Vishal Bharad for working with Eaton and helping Eaton in releasing  more robust and secure products."
        }
      ],
      "datePublic": "2020-08-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Eaton\u0027s Secure connect mobile app v1.7.3 \u0026 prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user\u0027s account and associated devices."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Information Exposure Through Log Files",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-12T16:03:34.000Z",
        "orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
        "shortName": "Eaton"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-vulnerability-advisory-secure-connect-mobile-app.pdf"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Eaton has release a new version of the app v1.7.4. User\u0027s are recommended to update their apps."
        }
      ],
      "source": {
        "advisory": "ETN-VA-2020-1005",
        "defect": [
          "ETN-VA-2020-1005"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Sensitive date stored in logcat file",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "CybersecurityCOE@eaton.com",
          "DATE_PUBLIC": "2020-08-05T05:49:00.000Z",
          "ID": "CVE-2020-6653",
          "STATE": "PUBLIC",
          "TITLE": "Sensitive date stored in logcat file"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Secure Connect Mobile App",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.7.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Eaton"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Eaton would like to thank Vishal Bharad for working with Eaton and helping Eaton in releasing  more robust and secure products."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Eaton\u0027s Secure connect mobile app v1.7.3 \u0026 prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user\u0027s account and associated devices."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-532 Information Exposure Through Log Files"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-vulnerability-advisory-secure-connect-mobile-app.pdf",
              "refsource": "MISC",
              "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-vulnerability-advisory-secure-connect-mobile-app.pdf"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Eaton has release a new version of the app v1.7.4. User\u0027s are recommended to update their apps."
          }
        ],
        "source": {
          "advisory": "ETN-VA-2020-1005",
          "defect": [
            "ETN-VA-2020-1005"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
    "assignerShortName": "Eaton",
    "cveId": "CVE-2020-6653",
    "datePublished": "2020-08-12T16:03:34.076Z",
    "dateReserved": "2020-01-09T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:47:05.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-V536-97C8-3VW5

CVE-2020-6653 (GCVE-0-2020-6653)

Tags

Sightings

Nomenclature