CVE-2020-12493 | An open port used for debugging in SWARCOs CPU LS4000 Series… | CVSS 10.0 CRITICAL

Description

An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices.

Metadata

CVE ID: CVE-2020-12493
State: PUBLISHED
Assigner: CERTVDE
Reserved: 2020-04-30 00:00 UTC
Published: 2020-05-29 17:27 UTC
Last updated: 2024-09-17 01:16 UTC
Primary CWE: CWE-284
CWE-284 Improper Access Control
Vendor / Product: SWARCO / CPU LS4000
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
SWARCO	CPU LS4000	all	Operating System G4...

Weakness (CWE)

CWE	Source	Description
CWE-284	cna	CWE-284 Improper Access Control

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (1)

https://cert.vde.com/de-de/advisories/vde-2020-016