CVE Vulnerability

CVE-2020-25195

The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.

7.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02 Third Party Advisory US Government Resource
Configurations

Configuration 1
Information

Published : 2020-12-15 08:15

Updated : 2020-12-18 02:59

NVD link : CVE-2020-25195

Mitre link : CVE-2020-25195

Products Affected
No products.
CWE
CWE-20