PT-2020-4341 · Tricon · Tricon

Reid Wightman

Published

2020-06-22

Updated

2022-04-27

CVE-2020-7491

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Tricon system versions 10.2.0 through 10.5.3

Description: The issue concerns a legacy debug port account in Tricon Communications Modules that is visible on the network, potentially allowing unauthorized access. This could lead to the disclosure of protected information. The estimated number of potentially affected devices worldwide is not specified.

Recommendations: For Tricon system versions 10.2.0 through 10.5.3, update to version 10.5.4 to resolve the issue. As a temporary workaround, consider restricting access to the legacy debug port account until the update to version 10.5.4 is applied.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2020-04843

CVE-2020-7491

Affected Products

Tricon

PT-2020-4341 · Tricon · Tricon

CVE-2020-7491

Weakness Enumeration

Related Identifiers

Affected Products

References · 7