CVE-2020-14512 – USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916
https://notcve.org/view.php?id=CVE-2020-14512
In GateManager versions prior to 9.2c, the affected product uses a weak hash type, which may allow an attacker to view user passwords. • https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01 • CWE-916: Use of Password Hash With Insufficient Computational Effort
CVE-2020-14510 – OFF-BY-ONE ERROR CWE-193
https://notcve.org/view.php?id=CVE-2020-14510
In GateManager versions prior to 9.2c, the affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. • https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01 • CWE-193: Off-by-one Error • CWE-798: Use of Hard-coded Credentials
CVE-2020-14508 – OFF-BY-ONE ERROR CWE-193
https://notcve.org/view.php?id=CVE-2020-14508
In GateManager versions prior to 9.2c, the affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. • https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01 • CWE-193: Off-by-one Error
CVE-2020-14500 – IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158
https://notcve.org/view.php?id=CVE-2020-14500
In all versions of Secomea GateManager prior to 9.2c, an attacker can send a negative value and overwrite arbitrary data. • https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01 • CWE-158: Improper Neutralization of Null Byte or NUL Character • CWE-476: NULL Pointer Dereference