Vulnerability-Lookup

CNVD-2020-37480

Vulnerability from cnvd - Published: 2020-07-09

Title

Honeywell ControlEdge PLC和ControlEdge RTU信息泄露漏洞

Description

Honeywell ControlEdge PLC和ControlEdge RTU都是美国霍尼韦尔（Honeywell）公司的产品。ControlEdge PLC是一款可编程逻辑控制器（PLC）。ControlEdge RTU是一款远程终端单元（RTU）。 Honeywell ControlEdge PLC和RTU中存在信息泄露漏洞，攻击者可利用该漏洞获取未加密的密码。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.honeywell.com/

Reference

https://www.us-cert.gov/ics/advisories/icsa-20-175-02

Impacted products

Name
['Honeywell Honeywell ControlEdge PLC R130.2', 'Honeywell Honeywell ControlEdge PLC R140', 'Honeywell Honeywell ControlEdge PLC R150', 'Honeywell Honeywell ControlEdge PLC R151', 'Honeywell ControlEdge RTU R101', 'Honeywell ControlEdge RTU R110', 'Honeywell ControlEdge RTU R140', 'Honeywell ControlEdge RTU R150', 'Honeywell ControlEdge RTU R151']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-10628",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-10628"
    }
  },
  "description": "Honeywell ControlEdge PLC\u548cControlEdge RTU\u90fd\u662f\u7f8e\u56fd\u970d\u5c3c\u97e6\u5c14\uff08Honeywell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002ControlEdge PLC\u662f\u4e00\u6b3e\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u3002ControlEdge RTU\u662f\u4e00\u6b3e\u8fdc\u7a0b\u7ec8\u7aef\u5355\u5143\uff08RTU\uff09\u3002\n\nHoneywell ControlEdge PLC\u548cRTU\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672a\u52a0\u5bc6\u7684\u5bc6\u7801\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.honeywell.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-37480",
  "openTime": "2020-07-09",
  "products": {
    "product": [
      "Honeywell Honeywell ControlEdge PLC R130.2",
      "Honeywell Honeywell ControlEdge PLC R140",
      "Honeywell Honeywell ControlEdge PLC R150",
      "Honeywell Honeywell ControlEdge PLC R151",
      "Honeywell ControlEdge RTU R101",
      "Honeywell ControlEdge RTU R110",
      "Honeywell ControlEdge RTU R140",
      "Honeywell ControlEdge RTU R150",
      "Honeywell ControlEdge RTU R151"
    ]
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-175-02",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-24",
  "title": "Honeywell ControlEdge PLC\u548cControlEdge RTU\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2020-10628 (GCVE-0-2020-10628)

Vulnerability from cvelistv5 – Published: 2020-06-26 16:06 – Updated: 2024-08-04 11:06

Summary

ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network.

Severity ?

No CVSS data available.

CWE

CWE-319 - CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319

Assigner

icscert

References

URL

Tags

https://www.us-cert.gov/ics/advisories/icsa-20-175-02

x_refsource_MISC

Impacted products

Vendor

Product

Version

n/a

ControlEdge PLC

Affected: R130.2
Affected: R140
Affected: R150
Affected: R151

n/a

ControlEdge RTU

Affected: R101
Affected: R110
Affected: R140
Affected: R150
Affected: R151

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:10.169Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ControlEdge PLC",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "R130.2"
            },
            {
              "status": "affected",
              "version": "R140"
            },
            {
              "status": "affected",
              "version": "R150"
            },
            {
              "status": "affected",
              "version": "R151"
            }
          ]
        },
        {
          "product": "ControlEdge RTU",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "R101"
            },
            {
              "status": "affected",
              "version": "R110"
            },
            {
              "status": "affected",
              "version": "R140"
            },
            {
              "status": "affected",
              "version": "R150"
            },
            {
              "status": "affected",
              "version": "R151"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-26T16:06:26",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-10628",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ControlEdge PLC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "R130.2"
                          },
                          {
                            "version_value": "R140"
                          },
                          {
                            "version_value": "R150"
                          },
                          {
                            "version_value": "R151"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ControlEdge RTU",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "R101"
                          },
                          {
                            "version_value": "R110"
                          },
                          {
                            "version_value": "R140"
                          },
                          {
                            "version_value": "R150"
                          },
                          {
                            "version_value": "R151"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-175-02",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-10628",
    "datePublished": "2020-06-26T16:06:26",
    "dateReserved": "2020-03-16T00:00:00",
    "dateUpdated": "2024-08-04T11:06:10.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-37480

CVE-2020-10628 (GCVE-0-2020-10628)

Tags

Sightings

Nomenclature