CVE-2020-12017
CVE-2020-12017 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. It affects GE Grid Solutions Reason RT Clocks RT430, RT431, and RT434, all firmware versions prior to 08A05. A vulnerability in the device's web application could allow multiple unauthenticated attacks that could cause serious impact. EPSS estimates a 2.33% chance of exploitation in the next 30 days.
Description
GE Grid Solutions Reason RT Clocks RT430, RT431, and RT434, all firmware versions prior to 08A05, are affected. A vulnerability in the device's web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute arbitrary commands and send a request to a specific URL that could cause the device to become unresponsive. The unauthenticated attacker may change the password of the 'configuration' user account, allowing the attacker to modify the configuration of the device via the web interface using the new password. This vulnerability may also allow an unauthenticated attacker to bypass the authentication required to configure the device and reboot the system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| GE | RT430 Firmware | < 08A05 |
| GE | RT431 Firmware | < 08A05 |
| GE | RT434 Firmware | < 08A05 |
References
- https://www.us-cert.gov/ics/advisories/icsa-20-154-05 (Third Party Advisory, US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-12017?
How severe is CVE-2020-12017?
How do I fix CVE-2020-12017?
Source: NVD / NIST
