Overview
- Description
- An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- ics-cert@hq.dhs.gov
- CWE-250
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:connectport_x2d_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "95C24E8F-B481-488B-AD36-C0D3965681A5",
"versionEndExcluding": "2020-01-01"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:connectport_x2d:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "47289275-83A0-4501-8F11-491CA7D16AD8"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]