CVE-2020-12017

{"id": "CVE-2020-12017", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 8.5, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-06-02T19:15:11.403", "references": [{"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-05", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-05", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device\u2019s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute arbitrary commands and send a request to a specific URL that could cause the device to become unresponsive. The unauthenticated attacker may change the password of the 'configuration' user account, allowing the attacker to modify the configuration of the device via the web interface using the new password. This vulnerability may also allow an unauthenticated attacker to bypass the authentication required to configure the device and reboot the system."}, {"lang": "es", "value": "GE Grid Solutions Reason RT Clocks, RT430, RT431 y RT434, todas las versiones de firmware anteriores a 08A05. La vulnerabilidad del dispositivo en la aplicaci\u00f3n web podr\u00eda permitir m\u00faltiples ataques no autenticados que podr\u00edan causar un grave impacto. La vulnerabilidad puede permitir a un atacante no autenticado ejecutar comandos arbitrarios y enviar una petici\u00f3n hacia una URL espec\u00edfica que podr\u00eda causar que el dispositivo deje de responder. El atacante no autenticado puede cambiar la contrase\u00f1a de la cuenta de usuario \"configuration\", permitiendo al atacante modificar la configuraci\u00f3n del dispositivo por medio de la interfaz web usando la nueva contrase\u00f1a. Esta vulnerabilidad tambi\u00e9n puede permitir a un atacante no autenticado omitir la autenticaci\u00f3n requerida para configurar el dispositivo y reiniciar el sistema."}], "lastModified": "2024-11-21T04:59:07.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:rt430_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD109DE7-1C72-4778-9B9E-268F2E731018", "versionEndExcluding": "08a05"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:rt430:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0EB994D8-B52E-4375-8957-6B5F0866F5B3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:rt431_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C32D1CAD-1546-4229-AC62-80E5A2E7557C", "versionEndExcluding": "08a05"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:rt431:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "366B4D1B-A8CB-4EA9-8C84-A4E3CCB4B22D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:rt434_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10BC5948-A2D1-45B6-87B4-DD4524791F18", "versionEndExcluding": "08a05"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:rt434:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BCD38027-CE2E-45B0-98B2-922C64494745"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}