Vulnerabilities > CVE-2020-7000 - Insecure Storage of Sensitive Information vulnerability in Visam Vbase Editor and Vbase Web-Remote

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

visam

CWE-922

NVD

Published: 2020-04-03

Updated: 2020-04-06

Summary

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface.

Vulnerable Configurations

Part	Description	Count
Application	Visam Visam Vbase WEB Remote - Visam Vbase Editor 11.5.0.2	2

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://www.us-cert.gov/ics/advisories/icsa-20-084-01