VDE-2021-042
Vulnerability from csaf_weidmuellerinterfacegmbhcokg - Published: 2021-10-18 08:24 - Updated: 2025-05-14 13:00
An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.
An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).
An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Forescout Technologies, Inc.",
"summary": "discovery and reporting."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "\nThe Weidmueller Remote I/O (IP20) fieldbus couplers (u-remote) are affected by several vulnerabilities of the third-party TCP/IP Niche stack. An attacker may use crafted IP packets to cause a denial of service or breach of integrity of the affected products. Weidmueller recommends restricting network access from the internet and also locally to reduce the attack vector to a manageable minimum.",
"title": "Summary"
},
{
"category": "description",
"text": "Fieldbuses (including Industrial Ethernet protocols) in general are not intended for direct connection with the internet, as they lack a proper set of security capabilities. This also applies to Weidm\u00fcller IP20 Remote I/O fieldbus couplers, which are developed and designed for operation in closed industrial networks.\n\n- Do not directly connect the affected products to the internet.\n- Restrict network access to the affected products by proper secured network infrastructure (e.g. routers, firewalls, DMZ, VPNs).\n- Restrict physical access to the industrial network and affected products (e.g cabinets, seals, closures).",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@weidmueller.com",
"name": "Weidmueller Interface GmbH \u0026 Co. KG",
"namespace": "https://www.weidmueller.com"
},
"references": [
{
"category": "external",
"summary": "Weidmueller advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/weidmueller/"
},
{
"category": "self",
"summary": "VDE-2021-042: Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-042"
},
{
"category": "self",
"summary": "VDE-2021-042: Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities - CSAF",
"url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-042.json"
}
],
"title": "Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities",
"tracking": {
"aliases": [
"VDE-2021-042"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2025-04-10T07:47:57.803Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.23"
}
},
"id": "VDE-2021-042",
"initial_release_date": "2021-10-18T08:24:00.000Z",
"revision_history": [
{
"date": "2021-10-18T08:24:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-04-10T07:45:00.000Z",
"number": "2",
"summary": "Fix: change vendor in product tree"
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "3",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "UR20-FBC-CAN",
"product": {
"name": "UR20-FBC-CAN",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1334890000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-CC",
"product": {
"name": "UR20-FBC-CC",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2625010000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-CC-TSN",
"product": {
"name": "UR20-FBC-CC-TSN",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"2680260000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-DN",
"product": {
"name": "UR20-FBC-DN",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1334900000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-EC",
"product": {
"name": "UR20-FBC-EC",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"1334910000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-EC-ECO",
"product": {
"name": "UR20-FBC-EC-ECO",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"2659690000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-EIP",
"product": {
"name": "UR20-FBC-EIP",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"1334920000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-IEC61162-450",
"product": {
"name": "UR20-FBC-IEC61162-450",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"2661310000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-MOD-TCP-ECO",
"product": {
"name": "UR20-FBC-MOD-TCP-ECO",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"2659700000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-MOD-TCP-V2",
"product": {
"name": "UR20-FBC-MOD-TCP-V2",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"2476450000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-PB-DP-V2",
"product": {
"name": "UR20-FBC-PB-DP-V2",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"2614380000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-PL",
"product": {
"name": "UR20-FBC-PL",
"product_id": "CSAFPID-11012",
"product_identification_helper": {
"model_numbers": [
"1334940000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-PN-ECO",
"product": {
"name": "UR20-FBC-PN-ECO",
"product_id": "CSAFPID-11013",
"product_identification_helper": {
"model_numbers": [
"2659680000"
]
}
}
},
{
"category": "product_name",
"name": "UR20-FBC-PN-IRT-V2",
"product": {
"name": "UR20-FBC-PN-IRT-V2",
"product_id": "CSAFPID-11014",
"product_identification_helper": {
"model_numbers": [
"2566380000"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=01.00.00",
"product": {
"name": "Firmware \u003c=01.00.00",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.00.01",
"product": {
"name": "Firmware \u003c=01.00.01",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.00.02",
"product": {
"name": "Firmware \u003c=01.00.02",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.01.00",
"product": {
"name": "Firmware \u003c=01.01.00",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.02.01",
"product": {
"name": "Firmware \u003c=01.02.01",
"product_id": "CSAFPID-21005"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.08.00",
"product": {
"name": "Firmware \u003c=01.08.00",
"product_id": "CSAFPID-21006"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.10.00",
"product": {
"name": "Firmware \u003c=01.10.00",
"product_id": "CSAFPID-21007"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.11.00",
"product": {
"name": "Firmware \u003c=01.11.00",
"product_id": "CSAFPID-21008"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.12.00",
"product": {
"name": "Firmware \u003c=01.12.00",
"product_id": "CSAFPID-21009"
}
},
{
"category": "product_version_range",
"name": "\u003c=02.08.01",
"product": {
"name": "Firmware \u003c=02.08.01",
"product_id": "CSAFPID-21010"
}
},
{
"category": "product_version_range",
"name": "\u003c=02.11.00",
"product": {
"name": "Firmware \u003c=02.11.00",
"product_id": "CSAFPID-21011"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Weidmueller"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
],
"summary": "Affected Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.08.00 installed on UR20-FBC-CAN",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.00.02 installed on UR20-FBC-CC",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.02.01 installed on UR20-FBC-CC-TSN",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.08.00 installed on UR20-FBC-DN",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.12.00 installed on UR20-FBC-EC",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.00.01 installed on UR20-FBC-EC-ECO",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=02.11.00 installed on UR20-FBC-EIP",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21011",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.01.00 installed on UR20-FBC-IEC61162-450",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.00.00 installed on UR20-FBC-MOD-TCP-ECO",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=02.08.01 installed on UR20-FBC-MOD-TCP-V2",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21010",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.10.00 installed on UR20-FBC-PB-DP-V2",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.08.00 installed on UR20-FBC-PL",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.00.02 installed on UR20-FBC-PN-ECO",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.11.00 installed on UR20-FBC-PN-IRT-V2",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21008",
"relates_to_product_reference": "CSAFPID-11014"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31401",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn\u0027t sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Fieldbuses (including Industrial Ethernet protocols) in general are not intended for direct connection with the internet, as they lack a proper set of security capabilities. This also applies to Weidm\u00fcller IP20 Remote I/O fieldbus couplers, which are developed and designed for operation in closed industrial networks.\n\n- Do not directly connect the affected products to the internet.\n- Restrict network access to the affected products by proper secured network infrastructure (e.g. routers, firewalls, DMZ, VPNs).\n- Restrict physical access to the industrial network and affected products (e.g cabinets, seals, closures).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
}
],
"title": "CVE-2021-31401"
},
{
"cve": "CVE-2020-35684",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Fieldbuses (including Industrial Ethernet protocols) in general are not intended for direct connection with the internet, as they lack a proper set of security capabilities. This also applies to Weidm\u00fcller IP20 Remote I/O fieldbus couplers, which are developed and designed for operation in closed industrial networks.\n\n- Do not directly connect the affected products to the internet.\n- Restrict network access to the affected products by proper secured network infrastructure (e.g. routers, firewalls, DMZ, VPNs).\n- Restrict physical access to the industrial network and affected products (e.g cabinets, seals, closures).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
}
],
"title": "CVE-2020-35684"
},
{
"cve": "CVE-2020-35683",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Fieldbuses (including Industrial Ethernet protocols) in general are not intended for direct connection with the internet, as they lack a proper set of security capabilities. This also applies to Weidm\u00fcller IP20 Remote I/O fieldbus couplers, which are developed and designed for operation in closed industrial networks.\n\n- Do not directly connect the affected products to the internet.\n- Restrict network access to the affected products by proper secured network infrastructure (e.g. routers, firewalls, DMZ, VPNs).\n- Restrict physical access to the industrial network and affected products (e.g cabinets, seals, closures).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014"
]
}
],
"title": "CVE-2020-35683"
}
]
}