CVE-2020-25195 Information

Description

The length of the input fields of Host Engineering H0-ECOM100 H2-ECOM100 and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server which may allow an attacker to bypass the check and send input to crash the device.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5