Learn about CVE-2020-12496 affecting Endress+Hauser Ecograph T and Memograph M devices with firmware version V2.0.0. Discover the impact, affected systems, and mitigation steps.
Endress+Hauser Ecograph T and Memograph M devices with firmware version V2.0.0 expose sensitive information to unauthorized users.
Understanding CVE-2020-12496
This CVE involves the exposure of sensitive data on specific Endress+Hauser devices due to a security flaw in the firmware.
What is CVE-2020-12496?
The vulnerability in Endress+Hauser Ecograph T and Memograph M devices allows unauthorized users to access sensitive information due to issues in the access-control matrix.
The Impact of CVE-2020-12496
The vulnerability has a CVSS base score of 6.5, indicating a medium-severity issue with high confidentiality impact.
Technical Details of CVE-2020-12496
Endress+Hauser devices with firmware version V2.0.0 are affected by this vulnerability.
Vulnerability Description
The firmware allows unauthorized access to sensitive data due to a flawed access-control matrix.
Affected Systems and Versions
Exploitation Mechanism
Unauthorized users with low rights can access information from endpoints not meant for them.
Mitigation and Prevention
Endress+Hauser recommends specific measures to mitigate the vulnerability.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Endress+Hauser will not change the firmware behavior, so customers must implement the provided mitigation measures.