PT-2020-12255 · Pentair · Controledge Plc+1
Nikolay Sklyarenko · Published 2020-06-26 · Updated 2020-07-07 · CVE-2020-10628
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ControlEdge PLC versions R130.2, R140, R150, and R151
ControlEdge RTU versions R101, R110, R140, R150, and R151
Description
Passwords are exposed unencrypted on the network. Because the passwords are not properly secured, unauthorized access to sensitive information is possible.
Recommendations
For ControlEdge PLC versions R130.2, R140, R150, and R151, consider implementing encryption for password transmission to prevent exposure.
For ControlEdge RTU versions R101, R110, R140, R150, and R151, apply the same encryption measures as for the PLC versions to secure passwords.
As a temporary workaround, restrict network access to minimize the risk of password interception until a proper fix is applied.
Weakness Enumeration
Cleartext Transmission of Sensitive Information
Affected Products
Controledge Plc
Controledge Rtu