{"containers": {"cna": {"affected": [{"product": "Wireless 1410 Gateway", "vendor": "Emerson", "versions": [{"lessThanOrEqual": "4.7.84", "status": "affected", "version": "4.6.43", "versionType": "custom"}]}, {"product": "Wireless 1420 Gateway", "vendor": "Emerson", "versions": [{"lessThanOrEqual": "4.7.84", "status": "affected", "version": "4.6.43", "versionType": "custom"}]}, {"product": "Wireless 1552WU Gateway", "vendor": "Emerson", "versions": [{"lessThanOrEqual": "4.7.84", "status": "affected", "version": "4.6.43", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Emerson discovered this vulnerability and reported it to CISA once there was a solution."}], "descriptions": [{"lang": "en", "value": "There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": " IMPROPER ACCESS CONTROL CWE-284", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-29T19:36:38", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02"}], "solutions": [{"lang": "en", "value": "Emerson recommends end users update the firmware on VLAN-enabled Version 4 gateways as soon as possible.\n\nIf the VLAN feature is not enabled, no immediate action is necessary.\nPlease see Emerson\u2019s cybersecurity notification alert number EMR.RMT20001-1 for more information."}], "source": {"discovery": "UNKNOWN"}, "title": "Emerson WirelessHART Gateway", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12030", "STATE": "PUBLIC", "TITLE": "Emerson WirelessHART Gateway"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Wireless 1410 Gateway", "version": {"version_data": [{"version_affected": "<=", "version_name": "4.6.43", "version_value": "4.7.84"}]}}, {"product_name": "Wireless 1420 Gateway", "version": {"version_data": [{"version_affected": "<=", "version_name": "4.6.43", "version_value": "4.7.84"}]}}, {"product_name": "Wireless 1552WU Gateway", "version": {"version_data": [{"version_affected": "<=", "version_name": "4.6.43", "version_value": "4.7.84"}]}}]}, "vendor_name": "Emerson"}]}}, "credit": [{"lang": "eng", "value": "Emerson discovered this vulnerability and reported it to CISA once there was a solution."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": " IMPROPER ACCESS CONTROL CWE-284"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02"}]}, "solution": [{"lang": "en", "value": "Emerson recommends end users update the firmware on VLAN-enabled Version 4 gateways as soon as possible.\n\nIf the VLAN feature is not enabled, no immediate action is necessary.\nPlease see Emerson\u2019s cybersecurity notification alert number EMR.RMT20001-1 for more information."}], "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:48:57.679Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-12030", "datePublished": "2021-09-29T19:36:38", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:57.679Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:emerson:wireless_1410_gateway_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8889B23B-B3B7-4B0C-AEB8-4B4857BA8D30", "versionEndIncluding": "4.7.84", "versionStartIncluding": "4.6.43", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:emerson:wireless_1410_gateway:-:*:*:*:*:*:*:*", "matchCriteriaId": "1DF1A7F9-86E8-4B21-9C98-2E3E0AE3BBBB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:emerson:wireless_1420_gateway_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "25464141-5AE4-48CA-8719-E2B8A170D858", "versionEndIncluding": "4.7.84", "versionStartIncluding": "4.6.43", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:emerson:wireless_1420_gateway:-:*:*:*:*:*:*:*", "matchCriteriaId": "3CEB591C-621A-49A9-BEF0-5854B06490EB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:emerson:wireless_1552wu_gateway_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E3AAECD-1129-48A8-991B-911CCBA28CDA", "versionEndIncluding": "4.7.84", "versionStartIncluding": "4.6.43", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:emerson:wireless_1552wu_gateway:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C7A8A69-4F11-4AF0-9F64-80E34DB4C46E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway."}, {"lang": "es", "value": "Se presenta un fallo en el c\u00f3digo usado para configurar el firewall del gateway interno cuando la funci\u00f3n VLAN del gateway est\u00e1 activada. Si un usuario habilita la configuraci\u00f3n de la VLAN, el firewall del gateway interna se desactiva, resultando en una exposici\u00f3n de todos los puertos usados por el gateway"}], "id": "CVE-2020-12030", "lastModified": "2024-11-21T04:59:08.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-29T20:15:07.870", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}