PT-2020-12252 · Pac Systems · Controledge Plc+1

Published

2020-06-26

Updated

2020-07-07

CVE-2020-10624

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ControlEdge PLC versions R130.2, R140, R150, and R151 ControlEdge RTU versions R101, R110, R140, R150, and R151

Description The issue concerns the exposure of a session token on the network. This affects ControlEdge PLC and RTU devices, potentially allowing unauthorized access.

Recommendations For ControlEdge PLC versions R130.2, R140, R150, and R151, restrict network access to minimize exposure of the session token. For ControlEdge RTU versions R101, R110, R140, R150, and R151, consider implementing additional security measures to protect the session token. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2020-10624

Affected Products

Controledge Plc

Controledge Rtu

PT-2020-12252 · Pac Systems · Controledge Plc+1

CVE-2020-10624

Weakness Enumeration

Related Identifiers

Affected Products

References · 4