Details of VAR-202010-0508

ID

VAR-202010-0508

CVE

CVE-2020-26869

TITLE

ARC Informatique PcVue information disclosure vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-57823 // CNNVD: CNNVD-202010-427

DESCRIPTION

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit. ARC Informatique PcVue Contains an information disclosure vulnerability.Information may be obtained. Pcvue is a multifunctional HMI-SCADA software of ARC Informatique, an integrated solution that can monitor all aspects of customer assets. PcVue is widely used in industrial control, building management, energy management, smart grid, energy distribution, substation automation, security/fire protection systems, public facilities, material handling, transportation, renewable energy, and infrastructure. No detailed vulnerability details are currently provided

Trust: 2.25

sources: NVD: CVE-2020-26869 // JVNDB: JVNDB-2020-012255 // CNVD: CNVD-2020-57823 // VULMON: CVE-2020-26869

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-57823

AFFECTED PRODUCTS

vendor:	pcvuesolutions	model:	pcvue	scope:	gte	version:	8.10	Trust: 1.0
vendor:	pcvuesolutions	model:	pcvue	scope:	lt	version:	12.0.17	Trust: 1.0
vendor:	arc informatique	model:	pcvue	scope:	eq	version:	-	Trust: 0.8
vendor:	arc informatique	model:	pcvue	scope:	lt	version:	12.0.17 less than	Trust: 0.8
vendor:	arc	model:	informatique pcvue	scope:	eq	version:	12	Trust: 0.6

sources: CNVD: CNVD-2020-57823 // JVNDB: JVNDB-2020-012255 // NVD: CVE-2020-26869

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-26869
value:	HIGH
Trust: 1.0
vulnerability@kaspersky.com:	CVE-2020-26869
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-26869
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-57823
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202010-427
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-26869
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-26869
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-57823
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-26869
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-012255
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-57823 // VULMON: CVE-2020-26869 // JVNDB: JVNDB-2020-012255 // CNNVD: CNNVD-202010-427 // NVD: CVE-2020-26869 // NVD: CVE-2020-26869

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012255 // NVD: CVE-2020-26869

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-427

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202010-427

PATCH

title:	Security Alerts	url:	https://www.pcvuesolutions.com/security	Trust: 0.8
title:	Patch for ARC Informatique PcVue information disclosure vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/236980	Trust: 0.6
title:	ARC Informatique PcVue Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131179	Trust: 0.6

sources: CNVD: CNVD-2020-57823 // JVNDB: JVNDB-2020-012255 // CNNVD: CNNVD-202010-427

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26869	Trust: 3.1
db:	ICS CERT	id:	ICSA-20-308-03	Trust: 2.4
db:	JVN	id:	JVNVU95679259	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-012255	Trust: 0.8
db:	CNVD	id:	CNVD-2020-57823	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3796	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-427	Trust: 0.6
db:	VULMON	id:	CVE-2020-26869	Trust: 0.1

sources: CNVD: CNVD-2020-57823 // VULMON: CVE-2020-26869 // JVNDB: JVNDB-2020-012255 // CNNVD: CNNVD-202010-427 // NVD: CVE-2020-26869

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03	Trust: 3.0
url:	https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-017-session-information-exposure-in-arc-informatique-pcvue/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26869	Trust: 2.0
url:	https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1	Trust: 1.6
url:	https://www.pcvuesolutions.com/security	Trust: 1.6
url:	https://jvn.jp/vu/jvnvu95679259/index.html	Trust: 0.8
url:	https://www.pcvuesolutions.com/index.php/support-a-services/resources/security-alerts-95138	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3796/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-57823 // VULMON: CVE-2020-26869 // JVNDB: JVNDB-2020-012255 // CNNVD: CNNVD-202010-427 // NVD: CVE-2020-26869

SOURCES

db:	CNVD	id:	CNVD-2020-57823
db:	VULMON	id:	CVE-2020-26869
db:	JVNDB	id:	JVNDB-2020-012255
db:	CNNVD	id:	CNNVD-202010-427
db:	NVD	id:	CVE-2020-26869

LAST UPDATE DATE

2024-11-23T22:33:17.287000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-57823	date:	2020-10-21T00:00:00
db:	VULMON	id:	CVE-2020-26869	date:	2020-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-012255	date:	2021-04-27T09:05:00
db:	CNNVD	id:	CNNVD-202010-427	date:	2021-10-20T00:00:00
db:	NVD	id:	CVE-2020-26869	date:	2024-11-21T05:20:23.290

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-57823	date:	2020-10-21T00:00:00
db:	VULMON	id:	CVE-2020-26869	date:	2020-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-012255	date:	2021-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202010-427	date:	2020-10-12T00:00:00
db:	NVD	id:	CVE-2020-26869	date:	2020-10-12T14:15:12.403