PT-2020-20465 · Wincor+1 · Wincor Probase+1

Maxim Kozorez

Published

2020-08-21

Updated

2020-08-27

CVE-2020-9062

CVSS v3.1

5.3

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30

Description The issue allows an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer. This can include altering the amount and value of currency being deposited. The messages between the CCDM and the host computer are not encrypted, authenticated, or verified for integrity.

Recommendations For Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30, consider implementing encryption, authentication, and integrity verification for messages between the CCDM and the host computer to prevent interception and modification. As a temporary workaround, restrict physical access to internal ATM components to minimize the risk of exploitation.

Fix

Missing Encryption of Sensitive Data

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-353CWE-311CWE-306

Related Identifiers

CVE-2020-9062

Affected Products

Procash 2100Xe

Wincor Probase

PT-2020-20465 · Wincor+1 · Wincor Probase+1

CVE-2020-9062

Weakness Enumeration

Related Identifiers

Affected Products

References · 3