Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-20741

Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect.

Published

2021-07-23T20:15:08.017

Last Modified

2024-11-21T05:12:15.890

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	beckhoff	cx9020	6.02	Yes

References

https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-006.pdf Mitigation, Patch, Vendor Advisory ([email protected])
https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-006.pdf Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)