Details of VAR-202008-1256

ID

VAR-202008-1256

CVE

CVE-2020-16235

TITLE

Emerson Made OpenEnterprise Vulnerability of insufficient encryption strength

Trust: 0.8

sources: JVNDB: JVNDB-2020-007820

DESCRIPTION

Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. OpenEnterprise teeth Emerson Industrial SCADA It's software

Trust: 1.71

sources: NVD: CVE-2020-16235 // JVNDB: JVNDB-2020-007820 // VULMON: CVE-2020-16235

AFFECTED PRODUCTS

vendor:	emerson	model:	openenterprise scada server	scope:	lte	version:	3.3.5	Trust: 1.0
vendor:	エマソン	model:	openenterprise scada server	scope:	eq	version:	-	Trust: 0.8
vendor:	エマソン	model:	openenterprise scada server	scope:	eq	version:	3.3.6 all previous s	Trust: 0.8

sources: JVNDB: JVNDB-2020-007820 // NVD: CVE-2020-16235

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-16235
value:	MEDIUM
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2020-16235
value:	LOW
Trust: 1.0
NVD:	CVE-2020-16235
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-202008-1217
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-16235
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-16235
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.0
impactScore:	4.0
version:	3.1
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2020-16235
baseSeverity:	LOW
baseScore:	3.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.0
impactScore:	1.4
version:	3.1
Trust: 1.0
IPA:	JVNDB-2020-007820
baseSeverity:	LOW
baseScore:	3.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-007820 // CNNVD: CNNVD-202008-1217 // NVD: CVE-2020-16235 // NVD: CVE-2020-16235

PROBLEMTYPE DATA

problemtype:	CWE-326	Trust: 1.0
problemtype:	Inappropriate cryptographic strength (CWE-326) [IPA evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-007820 // NVD: CVE-2020-16235

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-1217

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202008-1217

PATCH

title:

Emerson SupportNet ( Login required )

url:

https://www3.emersonprocess.com/remote/support/v3/main.html

Trust: 0.8

sources: JVNDB: JVNDB-2020-007820

EXTERNAL IDS

db:	NVD	id:	CVE-2020-16235	Trust: 3.3
db:	ICS CERT	id:	ICSA-20-238-02	Trust: 2.5
db:	JVN	id:	JVNVU96730728	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-007820	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.2916	Trust: 0.6
db:	CNNVD	id:	CNNVD-202008-1217	Trust: 0.6
db:	VULMON	id:	CVE-2020-16235	Trust: 0.1

sources: VULMON: CVE-2020-16235 // JVNDB: JVNDB-2020-007820 // CNNVD: CNNVD-202008-1217 // NVD: CVE-2020-16235

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsa-20-238-02	Trust: 1.7
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-238-02	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu96730728/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16235	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.2916/	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2020-16235/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2020-16235 // JVNDB: JVNDB-2020-007820 // CNNVD: CNNVD-202008-1217 // NVD: CVE-2020-16235

SOURCES

db:	VULMON	id:	CVE-2020-16235
db:	JVNDB	id:	JVNDB-2020-007820
db:	CNNVD	id:	CNNVD-202008-1217
db:	NVD	id:	CVE-2020-16235

LAST UPDATE DATE

2024-08-14T15:28:03.675000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-16235	date:	2022-05-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-007820	date:	2024-06-18T08:39:00
db:	CNNVD	id:	CNNVD-202008-1217	date:	2022-06-01T00:00:00
db:	NVD	id:	CVE-2020-16235	date:	2022-05-31T13:45:10.500

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-16235	date:	2022-05-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-007820	date:	2020-08-27T00:00:00
db:	CNNVD	id:	CNNVD-202008-1217	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2020-16235	date:	2022-05-19T18:15:08.550