CVE-2020-7492 - OpenCVE

A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Gp-pro Ex Firmware

Configuration 1 [-]

cpe:2.3:a:schneider-electric:gp-pro_ex_firmware:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.se.com/ww/en/download/document/SEVD-2020-133-01/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2020-06-16T19:07:45

Updated: 2020-06-16T19:07:45

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7492

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-06-16T20:15:14.177

Modified: 2020-06-24T13:49:53.340

Link: CVE-2020-7492

JSON object: View

Redhat Information

No data.

CWE

CWE-521

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:gp-pro_ex_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "300993CC-80A5-4534-A08C-ADC7E6C49B9F", "versionEndIncluding": "4.09.120", "versionStartIncluding": "1.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded."}, {"lang": "es", "value": "CWE-521: Se presenta una vulnerabilidad de Requisitos de Contrase\u00f1a D\u00e9biles en GP-Pro EX versiones V1.00 hasta V4.09.100, lo que podr\u00eda causar el descubrimiento de la contrase\u00f1a cuando el usuario ingresa la contrase\u00f1a porque no est\u00e1 enmascarada"}], "id": "CVE-2020-7492", "lastModified": "2020-06-24T13:49:53.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-16T20:15:14.177", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-521"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-521"}], "source": "cybersecurity@se.com", "type": "Secondary"}]}