CVE-2020-28219

{"id": "CVE-2020-28219", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-12-11T01:15:11.860", "references": [{"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-02/", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX."}, {"lang": "es", "value": "Una CWE-522: Se presenta una vulnerabilidad de Credenciales Insuficientemente Protegidas en EcoStruxure Geo SCADA Expert 2019 (versi\u00f3n original y Actualizaciones Mensuales hasta Septiembre de 2020, desde 81.7268.1 hasta 81.7578.1) y EcoStruxure Geo SCADA Expert 2020 (versi\u00f3n original y Actualizaciones Mensuales hasta Septiembre de 2020), desde 83.7551.1 hasta 83.7578.1), que podr\u00eda causar la exposici\u00f3n de las credenciales a los usuarios del lado del servidor cuando los usuarios web inician sesi\u00f3n en Virtual ViewX"}], "lastModified": "2020-12-16T18:57:53.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A09EFF5-C84A-4E86-ACC8-49F3225D851A", "versionEndIncluding": "81.7578.1", "versionStartIncluding": "81.7268.1"}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F825CB53-AC99-4CD3-91F8-8D8198165E3A", "versionEndIncluding": "83.7578.1", "versionStartIncluding": "83.7551.1"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@se.com"}