Vulnerabilities > CVE-2020-12030 - Unspecified vulnerability in Emerson products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

emerson

critical

NVD

Published: 2021-09-29

Updated: 2022-07-08

Summary

There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway.

Vulnerable Configurations

Part	Description	Count
OS	Emerson Emerson Wireless 1410 Gateway Firmware 4.6.43 Emerson Wireless 1410 Gateway Firmware 4.7.84 Emerson Wireless 1420 Gateway Firmware 4.6.43 Emerson Wireless 1420 Gateway Firmware 4.6.59 Emerson Wireless 1420 Gateway Firmware 4.7.84 Emerson Wireless 1552Wu Gateway Firmware 4.6.43 Emerson Wireless 1552Wu Gateway Firmware 4.7.84	7
Hardware	Emerson Emerson Wireless 1410 Gateway - Emerson Wireless 1420 Gateway - Emerson Wireless 1552Wu Gateway -	3

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02