Sign-up

ID

VAR-202107-0200


CVE

CVE-2020-20741


TITLE

Beckhoff Automation GmbH & Co. KG CX9020  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-016595

DESCRIPTION

Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect. KG CX9020 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2020-20741 // JVNDB: JVNDB-2019-016595 // VULMON: CVE-2020-20741

AFFECTED PRODUCTS

vendor:beckhoffmodel:cx9020scope:eqversion:6.02

Trust: 1.0

vendor:beckhoff automationmodel:cx9020scope:eqversion:_cb3011_wec7_hps_v602_tc31_b4016.6

Trust: 0.8

vendor:beckhoff automationmodel:cx9020scope:eqversion: -

Trust: 0.8

vendor:beckhoff automationmodel:cx9020scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-016595 // NVD: CVE-2020-20741

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-20741
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-20741
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202107-1797
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-20741
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-20741
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-20741
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-20741
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-20741 // JVNDB: JVNDB-2019-016595 // CNNVD: CNNVD-202107-1797 // NVD: CVE-2020-20741

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2019-016595 // NVD: CVE-2020-20741

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1797

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202107-1797

PATCH

title:Advisory 2019-06url:https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-006.pdf

Trust: 0.8

title:Beckhoff Automation GmbH & Co. KG CX9020 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159166

Trust: 0.6

sources: JVNDB: JVNDB-2019-016595 // CNNVD: CNNVD-202107-1797

EXTERNAL IDS

db:NVDid:CVE-2020-20741

Trust: 3.3

db:JVNDBid:JVNDB-2019-016595

Trust: 0.8

db:CNNVDid:CNNVD-202107-1797

Trust: 0.6

db:VULMONid:CVE-2020-20741

Trust: 0.1

sources: VULMON: CVE-2020-20741 // JVNDB: JVNDB-2019-016595 // CNNVD: CNNVD-202107-1797 // NVD: CVE-2020-20741

REFERENCES

url:https://download.beckhoff.com/download/document/product-security/advisories/advisory-2019-006.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-20741

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-20741 // JVNDB: JVNDB-2019-016595 // CNNVD: CNNVD-202107-1797 // NVD: CVE-2020-20741

SOURCES

db:VULMONid:CVE-2020-20741
db:JVNDBid:JVNDB-2019-016595
db:CNNVDid:CNNVD-202107-1797
db:NVDid:CVE-2020-20741

LAST UPDATE DATE

2024-08-14T14:50:14.083000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-20741date:2021-08-09T00:00:00
db:JVNDBid:JVNDB-2019-016595date:2022-08-16T02:21:00
db:CNNVDid:CNNVD-202107-1797date:2021-08-17T00:00:00
db:NVDid:CVE-2020-20741date:2021-08-09T17:43:48.367

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-20741date:2021-07-23T00:00:00
db:JVNDBid:JVNDB-2019-016595date:2022-08-16T00:00:00
db:CNNVDid:CNNVD-202107-1797date:2021-07-23T00:00:00
db:NVDid:CVE-2020-20741date:2021-07-23T20:15:08.017