CVE-2020-11496
Summary
| CVE | CVE-2020-11496 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-19 19:15:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device. |
Risk And Classification
Problem Types: CWE-20 | CWE-77
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Sprecher-automation | Sprecon-e | All | All | All | All |
| Operating System | Sprecher-automation | Sprecon-e | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Sprecher Automation: IT Security | CONFIRM | www.sprecher-automation.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.