Details of VAR-202005-1034

ID

VAR-202005-1034

CVE

CVE-2020-12493

TITLE

SWARCO TRAFFIC SYSTEMS Made SWARCO CPU LS4000 Improper access control vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-004995

DESCRIPTION

An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices. SWARCO CPU LS4000 Is the chip software built into the traffic light controller

Trust: 1.71

sources: NVD: CVE-2020-12493 // JVNDB: JVNDB-2020-004995 // VULHUB: VHN-165177

AFFECTED PRODUCTS

vendor:	swarco	model:	cpu ls4000	scope:	eq	version:	g4	Trust: 1.0
vendor:	swarco traffic	model:	cpu ls4000	scope:	eq	version:	g4 のすべての os バージョン	Trust: 0.8

sources: JVNDB: JVNDB-2020-004995 // NVD: CVE-2020-12493

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12493
value:	CRITICAL
Trust: 1.0
info@cert.vde.com:	CVE-2020-12493
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-004995
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202005-1435
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-165177
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-12493
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-004995
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-165177
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12493
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 2.0
NVD:	JVNDB-2020-004995
baseSeverity:	CRITICAL
baseScore:	10
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-165177 // JVNDB: JVNDB-2020-004995 // CNNVD: CNNVD-202005-1435 // NVD: CVE-2020-12493 // NVD: CVE-2020-12493

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-269	Trust: 0.9

sources: VULHUB: VHN-165177 // JVNDB: JVNDB-2020-004995 // NVD: CVE-2020-12493

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-1435

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-1435

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004995

PATCH

title:	SWARCO: Critical Vulnerability in CPU LS4000	url:	https://cert.vde.com/de-de/advisories/vde-2020-016	Trust: 0.8
title:	Traffic Light Controllers	url:	https://www.swarco.com/products/traffic-light-controllers	Trust: 0.8

sources: JVNDB: JVNDB-2020-004995

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12493	Trust: 2.5
db:	CERT@VDE	id:	VDE-2020-016	Trust: 1.7
db:	ICS CERT	id:	ICSA-20-154-06	Trust: 1.4
db:	JVN	id:	JVNVU90630279	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-004995	Trust: 0.8
db:	CNNVD	id:	CNNVD-202005-1435	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1928	Trust: 0.6
db:	VULHUB	id:	VHN-165177	Trust: 0.1

sources: VULHUB: VHN-165177 // JVNDB: JVNDB-2020-004995 // CNNVD: CNNVD-202005-1435 // NVD: CVE-2020-12493

REFERENCES

url:	https://cert.vde.com/de-de/advisories/vde-2020-016	Trust: 1.7
url:	https://www.us-cert.gov/ics/advisories/icsa-20-154-06	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12493	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12493	Trust: 0.8
url:	https://www.us-cert.gov/ics/recommended-practices	Trust: 0.8
url:	https://www.us-cert.gov/ics/tips/ics-tip-12-146-01b	Trust: 0.8
url:	https://www.us-cert.gov/sites/default/files/recommended_practices/nccic_ics-cert_defense_in_depth_2016_s508c.pdf	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu90630279/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.1928/	Trust: 0.6

sources: VULHUB: VHN-165177 // JVNDB: JVNDB-2020-004995 // CNNVD: CNNVD-202005-1435 // NVD: CVE-2020-12493

SOURCES

db:	VULHUB	id:	VHN-165177
db:	JVNDB	id:	JVNDB-2020-004995
db:	CNNVD	id:	CNNVD-202005-1435
db:	NVD	id:	CVE-2020-12493

LAST UPDATE DATE

2024-11-23T21:51:28.783000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-165177	date:	2021-11-04T00:00:00
db:	JVNDB	id:	JVNDB-2020-004995	date:	2020-06-04T00:00:00
db:	CNNVD	id:	CNNVD-202005-1435	date:	2021-11-05T00:00:00
db:	NVD	id:	CVE-2020-12493	date:	2024-11-21T04:59:47.777

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-165177	date:	2020-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-004995	date:	2020-06-04T00:00:00
db:	CNNVD	id:	CNNVD-202005-1435	date:	2020-05-29T00:00:00
db:	NVD	id:	CVE-2020-12493	date:	2020-05-29T18:15:11.127