CVE-2020-25197
Published 2022-03-18
Priority: P356 · high · 8.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.98% (85.6th percentile)
A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ge | reason_rt43x_clocks | >= unspecified < 08A06 | 08A06 |
| ge | rt430_firmware | < 08a06 | 08a06 |
| ge | rt431_firmware | < 08a06 | 08a06 |
| ge | rt434_firmware | < 08a06 | 08a06 |
CVSS provenance
nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 9.0 · CRITICAL · AV:N/AC:L/Au:S/C:C/I:C/A:C
CISA ICS
GE Reason RT43X Clocks
cisa_ics·2021-01-05·CVSS 5.3
[MEDIUM] GE Reason RT43X Clocks
ICS Advisory
## GE Reason RT43X Clocks
Last Revised: January 05, 2021
Alert Code: ICSA-21-005-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: GE
- Equipment: Reason RT43X Clocks
- Vulnerabilities: Code Injection, Use of Hard-coded Cryptographic Key
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary code on the system or intercept and decrypt encrypted traffic.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
GE reports the vulnerabilities aff
GHSA
GHSA-84hv-5mf8-83vj: A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06
ghsa_unreviewed·2022-03-19
CVE-2020-25197 [HIGH] CWE-94 GHSA-84hv-5mf8-83vj: A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.