PT-2020-15074 · Osca · Osca-550+1
Published
2020-04-10
·
Updated
2020-04-13
·
CVE-2020-1802
CVSS v3.1
4.6
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
OSCA-550 version 1.0.1.23(SP2)
OSCA-550A version 1.0.1.23(SP2)
OSCA-550AX version 1.0.1.23(SP2)
OSCA-550X version 1.0.1.23(SP2)
Description
The device does not sufficiently validate the integrity of certain files in certain loading processes. A successful exploit could allow an attacker to load a crafted file to the device through USB.
Recommendations
For OSCA-550 version 1.0.1.23(SP2), consider restricting access to USB loading processes until a patch is available.
For OSCA-550A version 1.0.1.23(SP2), consider restricting access to USB loading processes until a patch is available.
For OSCA-550AX version 1.0.1.23(SP2), consider restricting access to USB loading processes until a patch is available.
For OSCA-550X version 1.0.1.23(SP2), consider restricting access to USB loading processes until a patch is available.
As a temporary workaround, consider disabling the loading of files from USB to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Osca-550
Osca-550A