CVE-2020-10640
published 2022-02-24CVE-2020-10640: Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a…
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.99%
85.6th percentile
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emerson | openenterprise_scada_server | <= 3.3.4 | — |
| emerson | openenterprise_scada_software | unspecified – 3.3.4 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2020-10640 exploits a missing authentication vulnerability in a specific communication service of Emerson OpenEnterprise SCADA Software, allowing arbitrary command execution with system privileges or remote code execution. Detection should focus on anomalous or unauthenticated connections to OpenEnterprise communication services. ↗
- →CVE-2020-10640 is remotely exploitable with no authentication, no user interaction, and no privileges required (CVSS AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Monitor for unexpected remote connections to OpenEnterprise SCADA systems, especially from outside the control network. ↗
- →Affected versions are all OpenEnterprise releases through 3.3.4. Inventory and flag any OpenEnterprise instances at or below version 3.3.4 as high-priority targets for patching and network isolation. ↗
- ·No known public exploits specifically target this vulnerability at the time of advisory publication. Detection opportunities are limited to behavioral/network anomaly monitoring rather than signature-based IOC matching. ↗
- ·The specific communication service exploited by CVE-2020-10640 is not named in the advisory, limiting the ability to write precise port- or service-level detection rules without further vendor documentation. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Emerson OpenEnterprise
cisa_ics·2020-05-20·CVSS 8.8
[HIGH] Emerson OpenEnterprise
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Emerson OpenEnterprise
Last RevisedMay 20, 2020
Alert CodeICSA-20-140-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Emerson
- Equipment: OpenEnterprise SCADA Software
- Vulnerabilities: Missing Authentication for Critical Function, Improper Ownership Management, Inadequate Encryption Strength
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker access to OpenEnterprise configuration services or access passwords for OpenEnterprise user accounts.
## 3. TECHNICAL DETA
GHSA
GHSA-xgxc-757p-24w9: Emerson OpenEnterprise versions through 3
ghsa_unreviewed·2022-02-25
CVE-2020-10640 [CRITICAL] CWE-306 GHSA-xgxc-757p-24w9: Emerson OpenEnterprise versions through 3
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-02-24
Published