CVE-2020-12030
CVE-2020-12030
10.0
CriticalPublished:
Last updated:
Source:ics-cert@hq.dhs.gov
Modified
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Changed
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway.
References
ics-cert@hq.dhs.gov
https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02af854a3a-2127-422b-91ae-364da2661108
https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02