CVE-2020-14520 - The affected product is vulnerable to an information leak, which may allow an attacker to obtain sen

CVE-2020-14520

Summary

The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13).

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01

Vulnerable Configurations

cpe:2.3:a:inductiveautomation:ignition_gateway:8.0:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:8.0.12:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-08-2020 - 17:04)
Impact:
Exploitability:

CWE

CWE-862

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

misc

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01

Last major update

11-08-2020 - 17:04

Published

31-07-2020 - 13:15

Last modified

11-08-2020 - 17:04