CVE-2020-10636 (GCVE-0-2020-10636)

Vulnerability from cvelistv5 – Published: 2022-02-24 18:50 – Updated: 2025-04-16 16:44
VLAI?
Summary
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
Severity ?
6.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE
  • CWE-326 - Inadequate Encryption Strength
Assigner
References
Impacted products
Vendor Product Version
Emerson OpenEnterprise SCADA Software Affected: unspecified , ≤ 3.3.4 (custom)
Create a notification for this product.
Credits
Roman Lozko of Kaspersky reported these vulnerabilities to Emerson.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:10.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-10636",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:56:12.083899Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:44:11.037Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenEnterprise SCADA Software",
          "vendor": "Emerson",
          "versions": [
            {
              "lessThanOrEqual": "3.3.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Roman Lozko of Kaspersky reported these vulnerabilities to Emerson."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-326",
              "description": "CWE-326: Inadequate Encryption Strength",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-24T18:50:16.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 5 (3.3.5), to resolve these issues. OpenEnterprise Service Packs are available to users with access to the Emerson SupportNet system (login required). Details will be found in the downloads area.\n\nPlease send any questions via a SupportNet ticket or by contacting Emerson at US 800-537-9313. For users outside of the United States, please use international toll-free numbers."
        }
      ],
      "source": {
        "advisory": "ICSA-20-140-02",
        "discovery": "EXTERNAL"
      },
      "title": "ICSA-20-140-02 Emerson OpenEnterprise",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-10636",
          "STATE": "PUBLIC",
          "TITLE": "ICSA-20-140-02 Emerson OpenEnterprise"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenEnterprise SCADA Software",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "3.3.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Emerson"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Roman Lozko of Kaspersky reported these vulnerabilities to Emerson."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-326: Inadequate Encryption Strength"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02",
              "refsource": "CONFIRM",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 5 (3.3.5), to resolve these issues. OpenEnterprise Service Packs are available to users with access to the Emerson SupportNet system (login required). Details will be found in the downloads area.\n\nPlease send any questions via a SupportNet ticket or by contacting Emerson at US 800-537-9313. For users outside of the United States, please use international toll-free numbers."
          }
        ],
        "source": {
          "advisory": "ICSA-20-140-02",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-10636",
    "datePublished": "2022-02-24T18:50:16.000Z",
    "dateReserved": "2020-03-16T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:44:11.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emerson:openenterprise_scada_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.4\", \"matchCriteriaId\": \"487C0A5E-5EAC-458F-B579-43B030736924\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.\"}, {\"lang\": \"es\", \"value\": \"Un cifrado inapropiado puede permitir obtener las contrase\\u00f1as de las cuentas de usuario de Emerson OpenEnterprise versiones hasta 3.3.4\"}]",
      "id": "CVE-2020-10636",
      "lastModified": "2024-11-21T04:55:44.777",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-02-24T19:15:08.653",
      "references": "[{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-326\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-326\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-10636\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-02-24T19:15:08.653\",\"lastModified\":\"2024-11-21T04:55:44.777\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.\"},{\"lang\":\"es\",\"value\":\"Un cifrado inapropiado puede permitir obtener las contrase\u00f1as de las cuentas de usuario de Emerson OpenEnterprise versiones hasta 3.3.4\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-326\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-326\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emerson:openenterprise_scada_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.4\",\"matchCriteriaId\":\"487C0A5E-5EAC-458F-B579-43B030736924\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T11:06:10.560Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-10636\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-16T15:56:12.083899Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-16T15:56:16.076Z\"}}], \"cna\": {\"title\": \"ICSA-20-140-02 Emerson OpenEnterprise\", \"source\": {\"advisory\": \"ICSA-20-140-02\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Roman Lozko of Kaspersky reported these vulnerabilities to Emerson.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Emerson\", \"product\": \"OpenEnterprise SCADA Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.3.4\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 5 (3.3.5), to resolve these issues. OpenEnterprise Service Packs are available to users with access to the Emerson SupportNet system (login required). Details will be found in the downloads area.\\n\\nPlease send any questions via a SupportNet ticket or by contacting Emerson at US 800-537-9313. For users outside of the United States, please use international toll-free numbers.\"}], \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-326\", \"description\": \"CWE-326: Inadequate Encryption Strength\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2022-02-24T18:50:16.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Roman Lozko of Kaspersky reported these vulnerabilities to Emerson.\"}], \"impact\": {\"cvss\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"advisory\": \"ICSA-20-140-02\", \"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"3.3.4\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"OpenEnterprise SCADA Software\"}]}, \"vendor_name\": \"Emerson\"}]}}, \"solution\": [{\"lang\": \"en\", \"value\": \"Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 5 (3.3.5), to resolve these issues. OpenEnterprise Service Packs are available to users with access to the Emerson SupportNet system (login required). Details will be found in the downloads area.\\n\\nPlease send any questions via a SupportNet ticket or by contacting Emerson at US 800-537-9313. For users outside of the United States, please use international toll-free numbers.\"}], \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02\", \"name\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-326: Inadequate Encryption Strength\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-10636\", \"STATE\": \"PUBLIC\", \"TITLE\": \"ICSA-20-140-02 Emerson OpenEnterprise\", \"ASSIGNER\": \"ics-cert@hq.dhs.gov\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-10636\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-16T16:44:11.037Z\", \"dateReserved\": \"2020-03-16T00:00:00.000Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2022-02-24T18:50:16.000Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.