Details of VAR-202109-0005

ID

VAR-202109-0005

CVE

CVE-2020-12030

TITLE

Emerson WirelessHART Gateway Improper access control vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-004483

DESCRIPTION

There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. Emerson Provides Emerson WirelessHART Gateway Contains improper access control vulnerabilities. Emerson WirelessHART Gateway Is Emerson It is an industrial wireless gateway device provided by

Trust: 2.25

sources: NVD: CVE-2020-12030 // JVNDB: JVNDB-2020-004483 // CNVD: CNVD-2020-36949 // VULMON: CVE-2020-12030

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-36949

AFFECTED PRODUCTS

vendor:	emerson	model:	wireless 1552wu gateway	scope:	gte	version:	4.6.43	Trust: 1.0
vendor:	emerson	model:	wireless 1420 gateway	scope:	gte	version:	4.6.43	Trust: 1.0
vendor:	emerson	model:	wireless 1420 gateway	scope:	lte	version:	4.7.84	Trust: 1.0
vendor:	emerson	model:	wireless 1552wu gateway	scope:	lte	version:	4.7.84	Trust: 1.0
vendor:	emerson	model:	wireless 1410 gateway	scope:	lte	version:	4.7.84	Trust: 1.0
vendor:	emerson	model:	wireless 1410 gateway	scope:	gte	version:	4.6.43	Trust: 1.0
vendor:	emerson	model:	wireless 1410 gateway	scope:	eq	version:	revision 4.6.43 から 4.7.84	Trust: 0.8
vendor:	emerson	model:	wireless 1420 gateway	scope:	eq	version:	revision 4.6.43 から 4.7.84	Trust: 0.8
vendor:	emerson	model:	wireless 1552wu gateway	scope:	eq	version:	4.6.43 から 4.7.84	Trust: 0.8
vendor:	emerson	model:	electric wireless gateway	scope:	eq	version:	1410>=4.6.43,<=4.7.84	Trust: 0.6
vendor:	emerson	model:	electric wireless gateway	scope:	eq	version:	1420>=4.6.43,<=4.7.84	Trust: 0.6
vendor:	emerson	model:	electric wireless 1552wu gateway	scope:	gte	version:	4.6.43,<=4.7.84	Trust: 0.6

sources: CNVD: CNVD-2020-36949 // JVNDB: JVNDB-2020-004483 // NVD: CVE-2020-12030

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12030
value:	CRITICAL
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2020-12030
value:	CRITICAL
Trust: 1.0
IPA:	JVNDB-2020-004483
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-36949
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202005-800
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2020-12030
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12030
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2020-36949
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-12030
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 2.0
IPA score:	JVNDB-2020-004483
baseSeverity:	CRITICAL
baseScore:	10
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-36949 // VULMON: CVE-2020-12030 // JVNDB: JVNDB-2020-004483 // CNNVD: CNNVD-202005-800 // NVD: CVE-2020-12030 // NVD: CVE-2020-12030

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0

sources: NVD: CVE-2020-12030

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-800

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-800

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004483

PATCH

title:	emerson Wireless 1410 Gateway	url:	https://www.emerson.com/en-br/catalog/emerson-sku-1410-wireless-gateway	Trust: 0.8
title:	Patch for Multiple Emerson Electric products access control error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/225029	Trust: 0.6
title:	Multiple Emerson Electric Product access control error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118753	Trust: 0.6

sources: CNVD: CNVD-2020-36949 // JVNDB: JVNDB-2020-004483 // CNNVD: CNNVD-202005-800

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-20-135-02	Trust: 3.1
db:	NVD	id:	CVE-2020-12030	Trust: 3.1
db:	JVN	id:	JVNVU94025006	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-004483	Trust: 0.8
db:	CNVD	id:	CNVD-2020-36949	Trust: 0.6
db:	CNNVD	id:	CNNVD-202005-800	Trust: 0.6
db:	VULMON	id:	CVE-2020-12030	Trust: 0.1

sources: CNVD: CNVD-2020-36949 // VULMON: CVE-2020-12030 // JVNDB: JVNDB-2020-004483 // CNNVD: CNNVD-202005-800 // NVD: CVE-2020-12030

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-135-02	Trust: 2.0
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12030	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu94025006	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12030	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-36949 // VULMON: CVE-2020-12030 // JVNDB: JVNDB-2020-004483 // CNNVD: CNNVD-202005-800 // NVD: CVE-2020-12030

SOURCES

db:	CNVD	id:	CNVD-2020-36949
db:	VULMON	id:	CVE-2020-12030
db:	JVNDB	id:	JVNDB-2020-004483
db:	CNNVD	id:	CNNVD-202005-800
db:	NVD	id:	CVE-2020-12030

LAST UPDATE DATE

2024-08-14T15:42:45.873000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-36949	date:	2020-07-09T00:00:00
db:	VULMON	id:	CVE-2020-12030	date:	2022-07-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-004483	date:	2020-05-18T00:00:00
db:	CNNVD	id:	CNNVD-202005-800	date:	2022-07-11T00:00:00
db:	NVD	id:	CVE-2020-12030	date:	2022-07-08T18:20:47.457

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-36949	date:	2020-07-09T00:00:00
db:	VULMON	id:	CVE-2020-12030	date:	2021-09-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-004483	date:	2020-05-18T00:00:00
db:	CNNVD	id:	CNNVD-202005-800	date:	2020-05-14T00:00:00
db:	NVD	id:	CVE-2020-12030	date:	2021-09-29T20:15:07.870