Details of VAR-202010-0507

ID

VAR-202010-0507

CVE

CVE-2020-26868

TITLE

ARC Informatique PcVue Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-012254

DESCRIPTION

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit. ARC Informatique PcVue Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. Pcvue is a multifunctional HMI-SCADA software of ARC Informatique, an integrated solution that can monitor all aspects of customer assets. PcVue is widely used in industrial control, building management, energy management, smart grid, energy distribution, substation automation, security/fire protection systems, public facilities, material handling, transportation, renewable energy, and infrastructure. An attacker can use this vulnerability to cause a denial of service

Trust: 2.25

sources: NVD: CVE-2020-26868 // JVNDB: JVNDB-2020-012254 // CNVD: CNVD-2020-57824 // VULMON: CVE-2020-26868

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-57824

AFFECTED PRODUCTS

vendor:	pcvuesolutions	model:	pcvue	scope:	gte	version:	8.10	Trust: 1.0
vendor:	pcvuesolutions	model:	pcvue	scope:	lt	version:	12.0.17	Trust: 1.0
vendor:	arc informatique	model:	pcvue	scope:	eq	version:	-	Trust: 0.8
vendor:	arc informatique	model:	pcvue	scope:	lt	version:	12.0.17 less than	Trust: 0.8
vendor:	arc	model:	informatique pcvue	scope:	eq	version:	8.10	Trust: 0.6

sources: CNVD: CNVD-2020-57824 // JVNDB: JVNDB-2020-012254 // NVD: CVE-2020-26868

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-26868
value:	HIGH
Trust: 1.0
vulnerability@kaspersky.com:	CVE-2020-26868
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-26868
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-57824
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202010-430
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-26868
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-26868
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-57824
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-26868
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-012254
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-57824 // VULMON: CVE-2020-26868 // JVNDB: JVNDB-2020-012254 // CNNVD: CNNVD-202010-430 // NVD: CVE-2020-26868 // NVD: CVE-2020-26868

PROBLEMTYPE DATA

problemtype:	CWE-767	Trust: 1.0
problemtype:	CWE-668	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012254 // NVD: CVE-2020-26868

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-430

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-430

PATCH

title:	Security Alerts	url:	https://www.pcvuesolutions.com/security	Trust: 0.8
title:	Patch for ARC Informatique PcVue Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/236971	Trust: 0.6

sources: CNVD: CNVD-2020-57824 // JVNDB: JVNDB-2020-012254

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26868	Trust: 3.1
db:	ICS CERT	id:	ICSA-20-308-03	Trust: 2.4
db:	JVN	id:	JVNVU95679259	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-012254	Trust: 0.8
db:	CNVD	id:	CNVD-2020-57824	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3796	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-430	Trust: 0.6
db:	VULMON	id:	CVE-2020-26868	Trust: 0.1

sources: CNVD: CNVD-2020-57824 // VULMON: CVE-2020-26868 // JVNDB: JVNDB-2020-012254 // CNNVD: CNNVD-202010-430 // NVD: CVE-2020-26868

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03	Trust: 3.0
url:	https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-016-denial-of-service-in-arc-informatique-pcvue/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26868	Trust: 2.0
url:	https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1	Trust: 1.6
url:	https://www.pcvuesolutions.com/security	Trust: 1.6
url:	https://jvn.jp/vu/jvnvu95679259/index.html	Trust: 0.8
url:	https://www.pcvuesolutions.com/index.php/support-a-services/resources/security-alerts-95138	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3796/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-57824 // VULMON: CVE-2020-26868 // JVNDB: JVNDB-2020-012254 // CNNVD: CNNVD-202010-430 // NVD: CVE-2020-26868

SOURCES

db:	CNVD	id:	CNVD-2020-57824
db:	VULMON	id:	CVE-2020-26868
db:	JVNDB	id:	JVNDB-2020-012254
db:	CNNVD	id:	CNNVD-202010-430
db:	NVD	id:	CVE-2020-26868

LAST UPDATE DATE

2024-11-23T22:33:17.317000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-57824	date:	2020-10-21T00:00:00
db:	VULMON	id:	CVE-2020-26868	date:	2020-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-012254	date:	2021-04-27T09:05:00
db:	CNNVD	id:	CNNVD-202010-430	date:	2022-10-20T00:00:00
db:	NVD	id:	CVE-2020-26868	date:	2024-11-21T05:20:23.150

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-57824	date:	2020-10-21T00:00:00
db:	VULMON	id:	CVE-2020-26868	date:	2020-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-012254	date:	2021-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202010-430	date:	2020-10-12T00:00:00
db:	NVD	id:	CVE-2020-26868	date:	2020-10-12T14:15:12.323