CVE-2020-12030

There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway.

CVSS v3 10.0 CRITICAL
CVSS v2.0 6.8 MEDIUM

10.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:emerson:wireless_1410_gateway_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:wireless_1410_gateway:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:emerson:wireless_1420_gateway_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:wireless_1420_gateway:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:emerson:wireless_1552wu_gateway_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:wireless_1552wu_gateway:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-09-29 20:15

Updated : 2022-07-08 18:20

NVD link : CVE-2020-12030

Mitre link : CVE-2020-12030

CVE.ORG link : CVE-2020-12030

JSON object : View

Products Affected

emerson

wireless_1410_gateway_firmware
wireless_1420_gateway
wireless_1552wu_gateway
wireless_1420_gateway_firmware
wireless_1410_gateway
wireless_1552wu_gateway_firmware

CWE

NVD-CWE-Other CWE-284

Improper Access Control

{"id": "CVE-2020-12030", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2021-09-29T20:15:07.870", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway."}, {"lang": "es", "value": "Se presenta un fallo en el c\u00f3digo usado para configurar el firewall del gateway interno cuando la funci\u00f3n VLAN del gateway est\u00e1 activada. Si un usuario habilita la configuraci\u00f3n de la VLAN, el firewall del gateway interna se desactiva, resultando en una exposici\u00f3n de todos los puertos usados por el gateway"}], "lastModified": "2022-07-08T18:20:47.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:wireless_1410_gateway_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8889B23B-B3B7-4B0C-AEB8-4B4857BA8D30", "versionEndIncluding": "4.7.84", "versionStartIncluding": "4.6.43"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:wireless_1410_gateway:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1DF1A7F9-86E8-4B21-9C98-2E3E0AE3BBBB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:wireless_1420_gateway_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25464141-5AE4-48CA-8719-E2B8A170D858", "versionEndIncluding": "4.7.84", "versionStartIncluding": "4.6.43"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:wireless_1420_gateway:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3CEB591C-621A-49A9-BEF0-5854B06490EB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:wireless_1552wu_gateway_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E3AAECD-1129-48A8-991B-911CCBA28CDA", "versionEndIncluding": "4.7.84", "versionStartIncluding": "4.6.43"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:wireless_1552wu_gateway:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C7A8A69-4F11-4AF0-9F64-80E34DB4C46E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}