Vulnerability Details : CVE-2020-6982
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
Vulnerability category: Execute code
Products affected by CVE-2020-6982
- cpe:2.3:a:honeywell:win-pak:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-6982
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-6982
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:P |
6.5
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2020-6982
-
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
-
The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.Assigned by: ics-cert@hq.dhs.gov (Secondary)
References for CVE-2020-6982
-
https://www.us-cert.gov/ics/advisories/icsa-20-056-05
Honeywell WIN-PAK | CISAThird Party Advisory;US Government Resource
Jump to