← back
CVE-2020-25191

CVE-2020-25191

EPSS 1.1%CWE-732
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.1%KEV nãoPoC Patch
Lifecycle
11 Dec 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely.
Affected products
n/a · CompactRIO

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://us-cert.cisa.gov/ics/advisories/icsa-20-338-01