CVE-2020-20741
CVE-2020-20741 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect. EPSS estimates a 1.56% chance of exploitation in the next 30 days.
Description
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Beckhoff | Cx9020 | 6.02 | Build 4016.6 |
References
- https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-006.pdf (Mitigation, Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
