VDE-2021-024
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2021-05-04 08:17 - Updated: 2025-05-14 12:28
Summary
PHOENIX CONTACT: Security Advisory for PLCNext, SMARTRTU AXC, CHARX control modular and EEM-SB37x
Notes
Summary: The vulnerability is a Time-of-Check-Time-of-Use (CWE-367) issue which allows an attacker with access to the firmware update file to overwrite it after it has been verified (but before installation is completed), which consequently allows installing an arbitrary firmware update, bypassing the cryptographic signature check mechanism.
Impact: An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.
Mitigation: Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Remediation: Phoenix Contact strongly recommends updating to the latest firmware mentioned in the list below, which fixes this vulnerability.
For EEM-SB370, EEM-SB371 and CHARX control modular, the fix will be available by the end of Q3 2021. This advisory will be updated as soon as the fix is available.
| **Product Number** | **Product Name** | **Fixed Version** |
|--------------------|------------------------------------|-----------------------------|
| 1151412 | AXC F 1152 | 2021.0.5 LTS |
| 2404267 | AXC F 2152 | 2021.0.5 LTS |
| 1069208 | AXC F 3152 | 2021.0.5 LTS |
| 1051328 | RFC 4072S | 2021.0.5 LTS |
| 1046568 | AXC F 2152 Starterkit | 2021.0.5 LTS |
| 1188165 | PLCnext Technology Starterkit | 2021.0.5 LTS |
| 1110435 | SMARTRTU AXC SG | End of Q3 2021 |
| 1264328 | SMARTRTU AXC IG | End of Q3 2021 |
| 1264327 | ENERGY AXC PU | End of Q3 2021 |
| 1158951 | EEM-SB370-C | End of Q3 2021 |
| 1158947 | EEM-SB371-C | End of Q3 2021 |
| 1139022 | CHARX control modular 3000 | End of Q3 2021 |
| 1139022 | CHARX control modular 3050 | End of Q3 2021 |
| 1139012 | CHARX control modular 3100 | End of Q3 2021 |
| 1138965 | CHARX control modular 3150 | End of Q3 2021 |
The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.
CVSS 3.1 base score: 6.6 (Medium), vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Acknowledgments
CERT@VDE
certvde.com
Pengutronix
Vdoo
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Vdoo"
],
"organization": "Pengutronix",
"summary": "discovered and reported"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "The vulnerability is a Time-of-Check-Time-of-Use (CWE-367) issue which allows an attacker with access to the firmware update file to overwrite it after it has been verified (but before installation is completed), which consequently allows installing an arbitrary firmware update, bypassing the cryptographic signature check mechanism.",
"title": "Summary"
},
{
"category": "description",
"text": "An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.",
"title": "Impact"
},
{
"category": "description",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"title": "Mitigation"
},
{
"category": "description",
"text": "Phoenix Contact strongly recommends updating to the latest firmware mentioned in the list below, which fixes this vulnerability.\nFor EEM-SB370, EEM-SB371 and CHARX control modular the fix will be available until end of Q3 2021. This advisory will be updated as soon the fix is available.\n\n| **Product Number** | **Product Name** | **Fixed Version** |\n|--------------------|------------------------------------|-----------------------------|\n| 1151412 | AXC F 1152 | 2021.0.5 LTS external link |\n| 2404267 | AXC F 2152 | 2021.0.5 LTS external link |\n| 1069208 | AXC F 3152 | 2021.0.5 LTS external link |\n| 1051328 | RFC 4072S | 2021.0.5 LTS external link |\n| 1046568 | AXC F 2152 Starterkit | 2021.0.5 LTS external link |\n| 1188165 | PLCnext Technology Starterkit | 2021.0.5 LTS external link |\n| 1110435 | SMARTRTU AXC SG | End of Q3 2021 |\n| 1264328 | SMARTRTU AXC IG | End of Q3 2021 |\n| 1264327 | ENERGY AXC PU | End of Q3 2021 |\n| 1158951 | EEM-SB370-C | End of Q3 2021 |\n| 1158947 | EEM-SB371-C | End of Q3 2021 |\n| 1139022 | CHARX control modular 3000 | End of Q3 2021 |\n| 1139022 | CHARX control modular 3050 | End of Q3 2021 |\n| 1139012 | CHARX control modular 3100 | End of Q3 2021 |\n| 1138965 | CHARX control modular 3150 | End of Q3 2021 |\n",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PHOENIX CONTACT advisory overview at CERT@VDE",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2021-024: PHOENIX CONTACT: Security Advisory for PLCNext, SMARTRTU AXC, CHARX control modular and EEM-SB37x - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-024"
},
{
"category": "self",
"summary": "VDE-2021-024: PHOENIX CONTACT: Security Advisory for PLCNext, SMARTRTU AXC, CHARX control modular and EEM-SB37x - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-024.json"
}
],
"title": "PHOENIX CONTACT: Security Advisory for PLCNext, SMARTRTU AXC, CHARX control modular and EEM-SB37x",
"tracking": {
"aliases": [
"VDE-2021-024"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2025-02-10T09:16:12.500Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.18"
}
},
"id": "VDE-2021-024",
"initial_release_date": "2021-05-04T08:17:00.000Z",
"revision_history": [
{
"date": "2021-05-04T08:17:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-03-10T09:15:00.000Z",
"number": "2",
"summary": "Update: Provider data has been corrected"
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "3",
"summary": "Fix: version space, added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AXC F 1152",
"product": {
"name": "AXC F 1152",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 2152",
"product": {
"name": "AXC F 2152",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 2152 Starterkit",
"product": {
"name": "AXC F 2152 Starterkit",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"1046568"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 3152",
"product": {
"name": "AXC F 3152",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
}
},
{
"category": "product_name",
"name": "CHARX control modular 3000",
"product": {
"name": "CHARX control modular 3000",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"1139022"
]
}
}
},
{
"category": "product_name",
"name": "CHARX control modular 3050",
"product": {
"name": "CHARX control modular 3050",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"1139022"
]
}
}
},
{
"category": "product_name",
"name": "CHARX control modular 3100",
"product": {
"name": "CHARX control modular 3100",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"1139012"
]
}
}
},
{
"category": "product_name",
"name": "CHARX control modular 3150",
"product": {
"name": "CHARX control modular 3150",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"1138965"
]
}
}
},
{
"category": "product_name",
"name": "EEM-SB370-C",
"product": {
"name": "EEM-SB370-C",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"1158951"
]
}
}
},
{
"category": "product_name",
"name": "EEM-SB371-C",
"product": {
"name": "EEM-SB371-C",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"1158947"
]
}
}
},
{
"category": "product_name",
"name": "ENERGY AXC PU",
"product": {
"name": "ENERGY AXC PU",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"1264327"
]
}
}
},
{
"category": "product_name",
"name": "PLCnext Technology Starterkit",
"product": {
"name": "PLCnext Technology Starterkit",
"product_id": "CSAFPID-11012",
"product_identification_helper": {
"model_numbers": [
"1188165"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072S",
"product": {
"name": "RFC 4072S",
"product_id": "CSAFPID-11013",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
}
},
{
"category": "product_name",
"name": "SMARTRTU AXC IG",
"product": {
"name": "SMARTRTU AXC IG",
"product_id": "CSAFPID-11014",
"product_identification_helper": {
"model_numbers": [
"1264328"
]
}
}
},
{
"category": "product_name",
"name": "SMARTRTU AXC SG",
"product": {
"name": "SMARTRTU AXC SG",
"product_id": "CSAFPID-11015",
"product_identification_helper": {
"model_numbers": [
"1110435"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2021.0 LTS",
"product": {
"name": "Firmware \u003c=2021.0 LTS",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=V1.0.11",
"product": {
"name": "Firmware \u003c=V1.0.11",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c=2021.02.01",
"product": {
"name": "Firmware \u003c=2021.02.01",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003c=V4.10.0.0",
"product": {
"name": "Firmware \u003c=V4.10.0.0",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version_range",
"name": "\u003c=V1.0.0.0",
"product": {
"name": "Firmware \u003c=V1.0.0.0",
"product_id": "CSAFPID-21005"
}
},
{
"category": "product_version_range",
"name": "\u003c=V1.6.0.1",
"product": {
"name": "Firmware \u003c=V1.6.0.1",
"product_id": "CSAFPID-21006"
}
},
{
"category": "product_version",
"name": "2021.0.5 LTS",
"product": {
"name": "Firmware 2021.0.5 LTS",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"summary": "Fixed Products"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2021.0 LTS installed on AXC F 1152",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2021.0 LTS installed on AXC F 2152",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2021.0 LTS installed on AXC F 2152 Starterkit",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2021.0 LTS installed on AXC F 3152",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V1.0.11 installed on CHARX control modular 3000",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V1.0.11 installed on CHARX control modular 3050",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V1.0.11 installed on CHARX control modular 3100",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V1.0.11 installed on CHARX control modular 3150",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2021.02.01 installed on EEM-SB370-C",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2021.02.01 installed on EEM-SB371-C",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V4.10.0.0 installed on ENERGY AXC PU",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2021.0 LTS installed on PLCnext Technology Starterkit",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2021.0 LTS installed on RFC 4072S",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V1.0.0.0 installed on SMARTRTU AXC IG",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=V1.6.0.1 installed on SMARTRTU AXC SG",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2021.0.5 LTS installed on AXC F 1152",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2021.0.5 LTS installed on AXC F 2152",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2021.0.5 LTS installed on AXC F 3152",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2021.0.5 LTS installed on RFC 4072S",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2021.0.5 LTS installed on AXC F 2152 Starterkit",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2021.0.5 LTS installed on PLCnext Technology Starterkit",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11012"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-25860",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "description",
"text": "The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact strongly recommends updating to the latest firmware mentioned in the list below, which fixes this vulnerability.\nFor EEM-SB370, EEM-SB371 and CHARX control modular the fix will be available until end of Q3 2021. This advisory will be updated as soon the fix is available.\n\n| **Product Number** | **Product Name** | **Fixed Version** |\n|--------------------|------------------------------------|-----------------------------|\n| 1151412 | AXC F 1152 | 2021.0.5 LTS external link |\n| 2404267 | AXC F 2152 | 2021.0.5 LTS external link |\n| 1069208 | AXC F 3152 | 2021.0.5 LTS external link |\n| 1051328 | RFC 4072S | 2021.0.5 LTS external link |\n| 1046568 | AXC F 2152 Starterkit | 2021.0.5 LTS external link |\n| 1188165 | PLCnext Technology Starterkit | 2021.0.5 LTS external link |\n| 1110435 | SMARTRTU AXC SG | End of Q3 2021 |\n| 1264328 | SMARTRTU AXC IG | End of Q3 2021 |\n| 1264327 | ENERGY AXC PU | End of Q3 2021 |\n| 1158951 | EEM-SB370-C | End of Q3 2021 |\n| 1158947 | EEM-SB371-C | End of Q3 2021 |\n| 1139022 | CHARX control modular 3000 | End of Q3 2021 |\n| 1139022 | CHARX control modular 3050 | End of Q3 2021 |\n| 1139012 | CHARX control modular 3100 | End of Q3 2021 |\n| 1138965 | CHARX control modular 3150 | End of Q3 2021 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.6,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 6.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015"
]
}
],
"title": "CVE-2020-25860"
}
]
}