Overview
- Description
- The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Weaknesses
- ics-cert@hq.dhs.gov
- CWE-326
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hornerautomation:rcc972:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0FF8A08F-B51C-419A-A74D-02F636C19DA9"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hornerautomation:rcc972_firmware:15.40:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED633A76-0083-4FCB-8FF3-D0AF4CC58768"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]