Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management.
Understanding CVE-2020-12495
This CVE involves a vulnerability in Endress+Hauser Ecograph T devices running firmware versions prior to V2.0.0, leading to improper privilege management.
What is CVE-2020-12495?
The vulnerability allows users with fewer rights to be assigned higher privileges when logging into the affected device due to incorrect session closure.
The Impact of CVE-2020-12495
Technical Details of CVE-2020-12495
Endress+Hauser Ecograph T devices with firmware version 1.x are affected by this vulnerability.
Vulnerability Description
The issue arises from improper privilege management, where user sessions are not correctly closed, leading to privilege escalation.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability occurs due to the incorrect assignment of user privileges upon login, allowing users to gain unauthorized access.
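The following Python model illustrates the bug class described in the two passages above (privileges carried into a new login because the previous session was never closed) next to the session handling that prevents it. It is an added example written for this page, not code from Endress+Hauser or the Ecograph T firmware; the user names, roles, privilege sets and session store are constructed for illustration only.

```python
"""Model of privilege carry-over caused by a session that is neither closed on
logout nor replaced on login (hypothetical illustration, not device firmware)."""

import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed accounts and the privileges each role grants.
USERS = {"admin": "administrator", "op1": "operator"}
ROLE_PRIVS = {
    "administrator": {"view", "configure", "manage_users"},
    "operator": {"view"},
}


@dataclass
class Session:
    sid: str
    user: Optional[str] = None
    privs: set = field(default_factory=set)


class VulnerableSessionStore:
    """Logout leaves the session in place and login merges the new user's
    privileges into whatever the session already holds, so a low-privilege
    login on a session an administrator used keeps the administrator's rights."""

    def __init__(self):
        self.sessions = {}

    def open_session(self) -> str:
        sid = secrets.token_hex(8)
        self.sessions[sid] = Session(sid)
        return sid

    def login(self, sid: str, user: str) -> str:
        s = self.sessions[sid]
        s.user = user
        s.privs |= ROLE_PRIVS[USERS[user]]   # BUG: earlier privileges never dropped
        return sid                           # BUG: same session id reused

    def logout(self, sid: str) -> None:
        self.sessions[sid].user = None       # BUG: session kept, privileges retained

    def privileges(self, sid: str) -> set:
        return set(self.sessions[sid].privs)


class HardenedSessionStore(VulnerableSessionStore):
    """Login closes the old session and issues a fresh one carrying only the
    new user's privileges; logout destroys the session entirely."""

    def login(self, sid: str, user: str) -> str:
        self.sessions.pop(sid, None)         # close whatever state was there
        new_sid = secrets.token_hex(8)       # rotate the identifier
        self.sessions[new_sid] = Session(new_sid, user, set(ROLE_PRIVS[USERS[user]]))
        return new_sid

    def logout(self, sid: str) -> None:
        self.sessions.pop(sid, None)


def scenario(store: VulnerableSessionStore) -> set:
    """Administrator logs in and out, then an operator logs in on the same
    session; returns the privileges the operator ends up with."""
    sid = store.open_session()
    sid = store.login(sid, "admin")
    store.logout(sid)
    if sid not in store.sessions:            # hardened store destroyed it
        sid = store.open_session()
    sid = store.login(sid, "op1")
    return store.privileges(sid)


if __name__ == "__main__":
    print("vulnerable:", sorted(scenario(VulnerableSessionStore())))
    print("hardened:  ", sorted(scenario(HardenedSessionStore())))
```

The vulnerable store hands the operator the full administrator privilege set; the hardened store yields only the operator's own privileges, because every login starts from a fresh session and every logout removes the old one.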
Mitigation and Prevention
It is crucial to take immediate steps to address and prevent exploitation of this vulnerability.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Endress+Hauser will not change the behavior causing this vulnerability. Customers are advised to follow the provided Temporary Fix / Mitigation measures.