CVE-2020-8974

In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zigor:zgr_tps200_ng_firmware:2.00:*:*:*:*:*:*:*

cpe:2.3:h:zigor:zgr_tps200_ng:1.01:*:*:*:*:*:*:*

History

21 Nov 2024, 05:39

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.1~~	v2 : unknown v3 : 10.0
References	~~() https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng -~~	() https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng -

21 Oct 2022, 20:22

Type	Values Removed	Values Added
CWE		CWE-434
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1
References	~~(CONFIRM) https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng -~~	(CONFIRM) https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng - Third Party Advisory, VDB Entry
CPE		cpe:2.3:o:zigor:zgr_tps200_ng_firmware:2.00:::::::* cpe:2.3:h:zigor:zgr_tps200_ng:1.01:::::::*

17 Oct 2022, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-10-17 22:15

Updated : 2024-11-21 05:39

NVD link : CVE-2020-8974

Mitre link : CVE-2020-8974

CVE.ORG link : CVE-2020-8974

JSON object : View

Products Affected

zigor

zgr_tps200_ng_firmware
zgr_tps200_ng

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2020-8974", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.8, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2022-10-17T22:15:10.110", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng", "source": "cve-coordination@incibe.es"}, {"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable."}, {"lang": "es", "value": "En ZGR TPS200 NG versi\u00f3n de firmware 2.00 y la versi\u00f3n de hardware 1.01, el proceso de carga del firmware no lleva a cabo ning\u00fan tipo de restricci\u00f3n. Esto permite a un atacante modificarlo y volver a subirlo por medio de la web con modificaciones maliciosas, dejando el dispositivo inusable"}], "lastModified": "2024-11-21T05:39:45.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zigor:zgr_tps200_ng_firmware:2.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F42D21EF-7B57-43BB-8515-809E45880176"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zigor:zgr_tps200_ng:1.01:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ABB13226-AA1F-4DA9-925D-832EFAC30748"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve-coordination@incibe.es"}