Vulnerability CVE-2020-9045
Published: 2020-05-21

Description:
During installation or upgrade to Software House C??CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.

Type:

CWE-312

 (Cleartext Storage of Sensitive Information)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
TYCO -> Victor video management system 
Swhouse -> C-cure 9000 

 References:
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
https://www.us-cert.gov/ics/advisories/ICSA-20-142-01
Copyright 2024, cxsecurity.com

 

Back to Top