Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-26201

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-24 Feb, 2025 | 00:00
Updated At-24 Feb, 2025 | 17:15
Rejected At-
Credits

Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:24 Feb, 2025 | 00:00
Updated At:24 Feb, 2025 | 17:15
Rejected At:
â–¼CVE Numbering Authority (CNA)

Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://greaterwms.com
N/A
https://github.com/Elymaro/CVE/blob/main/GreaterWMS/CVE-2025-26201.md
N/A
https://github.com/GreaterWMS/GreaterWMS/issues/383
N/A
Hyperlink: http://greaterwms.com
Resource: N/A
Hyperlink: https://github.com/Elymaro/CVE/blob/main/GreaterWMS/CVE-2025-26201.md
Resource: N/A
Hyperlink: https://github.com/GreaterWMS/GreaterWMS/issues/383
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-294CWE-294 Authentication Bypass by Capture-replay
Type: CWE
CWE ID: CWE-294
Description: CWE-294 Authentication Bypass by Capture-replay
Metrics
VersionBase scoreBase severityVector
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:24 Feb, 2025 | 17:15
Updated At:24 Feb, 2025 | 18:15

Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-294Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-294
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://greaterwms.comcve@mitre.org
N/A
https://github.com/Elymaro/CVE/blob/main/GreaterWMS/CVE-2025-26201.mdcve@mitre.org
N/A
https://github.com/GreaterWMS/GreaterWMS/issues/383cve@mitre.org
N/A
Hyperlink: http://greaterwms.com
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/Elymaro/CVE/blob/main/GreaterWMS/CVE-2025-26201.md
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/GreaterWMS/GreaterWMS/issues/383
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2021-41030
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 46.48%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 17:51
Updated-25 Oct, 2024 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.

Action-Not Available
Vendor-Fortinet, Inc.
Product-forticlient_enterprise_management_serverFortinet FortiClientEMS
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2023-2846
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 24.71%
||
7 Day CHG~0.00%
Published-30 Jun, 2023 | 04:05
Updated-05 Mar, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass Vulnerability in MELSEC-F Series main module

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-fx3g-40mt\/es_firmwarefx3uc-16mt\/d-p4_firmwarefx3u-48mr\/dsfx3u-48mt\/es-afx3u-32mr\/es-afx3u-48mr\/ds_firmwarefx3u-128mr\/es-afx3u-80mt\/dss_firmwarefx3uc-32mt-lt-2_firmwarefx3u-16mt\/dss_firmwarefx3s-10mt\/es_firmwarefx3s-10mt\/dssfx3u-32mr\/dsfx3u-128mt\/es-afx3u-32mt\/dsfx3g-24mt\/es_firmwarefx3s-20mt\/dsfx3u-80mt\/esfx3s-14mt\/dssfx3s-10mt\/dss_firmwarefx3sa-10mr-cmfx3g-14mr\/es-a_firmwarefx3u-16mr\/es-afx3uc-16mt\/dfx3g-24mt\/essfx3ge-24mr\/es_firmwarefx3s-20mt\/dss_firmwarefx3s-30mt\/ess-2ad_firmwarefx3u-64mt\/essfx3uc-32mt\/dss_firmwarefx3u-128mt\/es_firmwarefx3s-20mt\/es_firmwarefx3u-80mr\/es-afx3g-40mt\/ess_firmwarefx3u-32ms\/es_firmwarefx3g-40mt\/essfx3s-10mt\/ess_firmwarefx3u-64mr\/ua1_firmwarefx3g-24mt\/dss_firmwarefx3s-20mt\/esfx3u-32mr\/ua1fx3u-128mr\/es_firmwarefx3uc-16mt\/d_firmwarefx3s-10mt\/esfx3u-32mr\/ds_firmwarefx3g-14mt\/essfx3u-16mt\/esfx3ga-40mt-cm_firmwarefx3g-60mr\/es-a_firmwarefx3s-14mr\/ds_firmwarefx3ge-40mr\/esfx3ge-40mr\/dsfx3s-30mt\/es_firmwarefx3u-32mt\/es_firmwarefx3u-16mr\/ds_firmwarefx3s-14mt\/esfx3uc-64mt\/dss_firmwarefx3ge-24mr\/esfx3u-32mr\/es-a_firmwarefx3u-80mt\/dsfx3u-32mt\/es-afx3ge-24mt\/essfx3uc-96mt\/dss_firmwarefx3sa-14mt-cm_firmwarefx3ge-24mr\/ds_firmwarefx3g-60mr\/dsfx3g-40mr\/dsfx3g-14mr\/es-afx3u-16mt\/es_firmwarefx3ga-40mt-cmfx3s-20mr\/ds_firmwarefx3ge-40mr\/es_firmwarefx3ge-24mt\/dss_firmwarefx3u-16mr\/dsfx3s-10mr\/es_firmwarefx3sa-30mr-cm_firmwarefx3ge-40mt\/essfx3sa-20mt-cmfx3uc-96mt\/d_firmwarefx3uc-16mr\/ds-t_firmwarefx3sa-20mr-cm_firmwarefx3g-24mt\/es-a_firmwarefx3u-128mr\/es-a_firmwarefx3g-14mr\/dsfx3g-60mt\/es-a_firmwarefx3u-32mt\/ess_firmwarefx3u-80mr\/ds_firmwarefx3ga-60mt-cmfx3s-14mt\/essfx3uc-32mt\/dssfx3uc-16mr\/ds-tfx3u-16mt\/es-a_firmwarefx3u-32mt\/dss_firmwarefx3g-24mt\/ds_firmwarefx3g-40mr\/es-a_firmwarefx3s-10mr\/dsfx3uc-16mt\/d-p4fx3u-48mt\/ds_firmwarefx3uc-16mt\/dss-p4fx3u-64mt\/es_firmwarefx3sa-14mr-cmfx3u-16mr\/esfx3u-48mr\/esfx3uc-32mt-ltfx3sa-30mr-cmfx3s-30mt\/ds_firmwarefx3u-48mt\/dssfx3g-24mt\/ess_firmwarefx3u-80mt\/es-a_firmwarefx3u-80mt\/es-afx3g-60mt\/essfx3uc-16mr\/d-t_firmwarefx3u-80mr\/dsfx3s-10mt\/dsfx3u-16mt\/ess_firmwarefx3u-64mt\/ds_firmwarefx3u-64mr\/ds_firmwarefx3u-48mr\/es_firmwarefx3uc-64mt\/dfx3u-64ms\/esfx3s-14mt\/es_firmwarefx3ge-40mr\/ds_firmwarefx3g-60mt\/esfx3g-40mt\/dssfx3g-60mt\/es_firmwarefx3u-48mr\/es-a_firmwarefx3ge-24mt\/es_firmwarefx3s-30mt\/dssfx3u-128mr\/esfx3g-14mt\/ds_firmwarefx3u-48mt\/essfx3u-64mr\/es-a_firmwarefx3gc-32mt\/dssfx3u-16mt\/es-afx3u-64mr\/es-afx3g-40mt\/dss_firmwarefx3u-64mt\/dss_firmwarefx3ge-24mr\/dsfx3sa-10mr-cm_firmwarefx3sa-14mt-cmfx3u-64mt\/dssfx3ge-24mt\/esfx3ge-24mt\/ds_firmwarefx3ge-40mt\/ess_firmwarefx3s-30mr\/ds_firmwarefx3g-14mt\/ess_firmwarefx3u-48mt\/esfx3g-14mt\/es-a_firmwarefx3u-80mr\/es_firmwarefx3u-48mt\/dsfx3g-24mr\/dsfx3s-10mt\/ds_firmwarefx3s-14mr\/dsfx3s-20mr\/dsfx3ge-24mt\/dssfx3uc-16mt\/dssfx3ge-40mt\/dssfx3ga-40mr-cmfx3u-32mt\/es-a_firmwarefx3s-30mr\/dsfx3sa-30mt-cm_firmwarefx3s-20mt\/ess_firmwarefx3s-30mt\/es-2adfx3u-32mr\/esfx3s-20mt\/ds_firmwarefx3s-30mt\/esfx3g-40mt\/es-a_firmwarefx3sa-10mt-cm_firmwarefx3u-48mt\/es-a_firmwarefx3g-14mr\/ds_firmwarefx3sa-20mr-cmfx3g-14mt\/dsfx3g-60mr\/ds_firmwarefx3s-30mt\/essfx3g-24mt\/dssfx3ge-40mt\/esfx3s-14mt\/dss_firmwarefx3s-30mt\/ess-2adfx3s-14mt\/dsfx3g-40mr\/es_firmwarefx3uc-32mt\/dfx3uc-96mt\/dfx3u-64mt\/dsfx3u-48mt\/ess_firmwarefx3u-80mt\/ds_firmwarefx3u-64ms\/es_firmwarefx3ga-60mt-cm_firmwarefx3g-24mt\/es-afx3g-14mr\/es_firmwarefx3ge-24mt\/dsfx3u-80mr\/es-a_firmwarefx3sa-20mt-cm_firmwarefx3s-30mr\/esfx3s-14mt\/ess_firmwarefx3u-128mt\/ess_firmwarefx3u-80mt\/ess_firmwarefx3s-30mt\/dsfx3s-30mt\/dss_firmwarefx3uc-32mt\/d_firmwarefx3s-30mt\/ess_firmwarefx3g-60mr\/es-afx3g-14mt\/es-afx3u-64mt\/ess_firmwarefx3s-20mr\/esfx3ge-40mt\/dss_firmwarefx3u-32ms\/esfx3u-48mt\/dss_firmwarefx3ga-24mt-cm_firmwarefx3u-64mr\/es_firmwarefx3s-14mr\/esfx3uc-16mr\/d-tfx3uc-16mt\/dss_firmwarefx3u-32mr\/es_firmwarefx3g-40mt\/esfx3u-64mr\/esfx3g-40mr\/ds_firmwarefx3g-40mt\/ds_firmwarefx3g-60mr\/es_firmwarefx3u-128mt\/es-a_firmwarefx3g-14mt\/dssfx3u-48mr\/es-afx3uc-64mt\/dssfx3g-14mt\/esfx3u-32mt\/esfx3u-32mr\/ua1_firmwarefx3ge-24mt\/ess_firmwarefx3g-24mr\/es-afx3g-14mr\/esfx3g-24mr\/ds_firmwarefx3ga-60mr-cmfx3ge-40mt\/ds_firmwarefx3u-64mr\/dsfx3s-30mt\/es-2ad_firmwarefx3u-80mt\/es_firmwarefx3u-128mt\/esfx3g-40mt\/dsfx3uc-16mt\/dss-p4_firmwarefx3g-60mr\/esfx3g-24mt\/dsfx3u-64mt\/esfx3s-10mt\/essfx3s-10mr\/ds_firmwarefx3g-40mr\/es-afx3u-32mt\/dssfx3u-64mr\/ua1fx3gc-32mt\/dss_firmwarefx3u-80mt\/essfx3u-16mt\/dsfx3u-16mt\/ds_firmwarefx3s-30mr\/es-2ad_firmwarefx3g-60mt\/dss_firmwarefx3g-24mt\/esfx3sa-30mt-cmfx3u-16mt\/dssfx3s-20mt\/essfx3uc-32mt-lt-2fx3g-60mt\/dssfx3ga-60mr-cm_firmwarefx3gc-32mt\/dfx3g-40mt\/es-afx3s-30mr\/es_firmwarefx3u-128mt\/essfx3s-20mt\/dssfx3g-40mr\/esfx3s-14mt\/ds_firmwarefx3u-80mt\/dssfx3ga-24mt-cmfx3ga-24mr-cm_firmwarefx3gc-32mt\/d_firmwarefx3sa-10mt-cmfx3u-48mt\/es_firmwarefx3ga-24mr-cmfx3g-24mr\/es-a_firmwarefx3u-32mt\/ds_firmwarefx3ge-40mt\/dsfx3ga-40mr-cm_firmwarefx3ge-40mt\/es_firmwarefx3u-64mt\/es-afx3u-16mt\/essfx3u-64mt\/es-a_firmwarefx3g-14mt\/dss_firmwarefx3g-60mt\/ess_firmwarefx3g-14mt\/es_firmwarefx3sa-14mr-cm_firmwarefx3g-24mr\/es_firmwarefx3u-16mr\/es_firmwarefx3s-14mr\/es_firmwarefx3uc-64mt\/d_firmwarefx3uc-32mt-lt_firmwarefx3uc-96mt\/dssfx3g-24mr\/esfx3g-60mt\/dsfx3u-80mr\/esfx3u-16mr\/es-a_firmwarefx3g-60mt\/es-afx3g-60mt\/ds_firmwarefx3s-10mr\/esfx3s-20mr\/es_firmwarefx3s-30mr\/es-2adfx3u-32mt\/essMELSEC-F Series FX3UC-64MT/DSSMELSEC-F Series FX3U-80MT/ES-AMELSEC-F Series FX3GE-24MR/DSMELSEC-F Series FX3UC-32MT-LT-2MELSEC-F Series FX3G-14MR/ES-AMELSEC-F Series FX3U-64MS/ESMELSEC-F Series FX3G-40MR/ESMELSEC-F Series FX3U-48MT/DSMELSEC-F Series FX3GE-24MT/ESSMELSEC-F Series FX3U-64MT/ESMELSEC-F Series FX3GA-40MR-CMMELSEC-F Series FX3U-16MT/DSSMELSEC-F Series FX3U-32MT/DSMELSEC-F Series FX3U-64MT/ESSMELSEC-F Series FX3U-16MT/DSMELSEC-F Series FX3G-24MT/ESSMELSEC-F Series FX3S-30MT/ESS-2ADMELSEC-F Series FX3U-64MR/ES-AMELSEC-F Series FX3GA-24MR-CMMELSEC-F Series FX3UC-16MT/D-P4MELSEC-F Series FX3U-48MR/ESMELSEC-F Series FX3U-16MR/DSMELSEC-F Series FX3G-24MT/DSMELSEC-F Series FX3S-14MR/DSMELSEC-F Series FX3UC-64MT/DMELSEC-F Series FX3S-30MT/DSSMELSEC-F Series FX3U-128MR/ESMELSEC-F Series FX3S-20MR/DSMELSEC-F Series FX3SA-30MR-CMMELSEC-F Series FX3G-14MT/ESMELSEC-F Series FX3S-30MR/DSMELSEC-F Series FX3U-64MT/ES-AMELSEC-F Series FX3G-14MT/DSMELSEC-F Series FX3GA-60MR-CMMELSEC-F Series FX3S-30MR/ES-2ADMELSEC-F Series FX3S-30MT/ESSMELSEC-F Series FX3G-40MT/ESMELSEC-F Series FX3UC-16MR/D-TMELSEC-F Series FX3U-16MT/ESSMELSEC-F Series FX3G-14MR/ESMELSEC-F Series FX3SA-14MR-CMMELSEC-F Series FX3UC-32MT-LTMELSEC-F Series FX3GA-60MT-CMMELSEC-F Series FX3G-60MT/ESSMELSEC-F Series FX3U-80MT/DSSMELSEC-F Series FX3S-30MR/ESMELSEC-F Series FX3S-20MT/ESMELSEC-F Series FX3U-16MT/ES-AMELSEC-F Series FX3U-64MT/DSMELSEC-F Series FX3G-40MT/DSMELSEC-F Series FX3U-32MT/ESSMELSEC-F Series FX3GE-40MR/DSMELSEC-F Series FX3S-30MT/ES-2ADMELSEC-F Series FX3S-10MR/DSMELSEC-F Series FX3U-80MT/ESMELSEC-F Series FX3G-40MT/ESSMELSEC-F Series FX3U-80MT/DSMELSEC-F Series FX3U-32MR/ES-AMELSEC-F Series FX3U-128MT/ES-AMELSEC-F Series FX3UC-32MT/DSSMELSEC-F Series FX3U-16MR/ESMELSEC-F Series FX3U-128MR/ES-AMELSEC-F Series FX3UC-96MT/DMELSEC-F Series FX3G-60MT/ES-AMELSEC-F Series FX3S-20MR/ESMELSEC-F Series FX3G-40MR/ES-AMELSEC-F Series FX3GA-40MT-CMMELSEC-F Series FX3GE-40MT/DSMELSEC-F Series FX3G-40MT/DSSMELSEC-F Series FX3U-48MR/DSMELSEC-F Series FX3UC-16MT/DMELSEC-F Series FX3G-14MR/DSMELSEC-F Series FX3U-128MT/ESSMELSEC-F Series FX3G-24MR/ES-AMELSEC-F Series FX3S-20MT/ESSMELSEC-F Series FX3SA-14MT-CMMELSEC-F Series FX3G-40MT/ES-AMELSEC-F Series FX3GE-40MR/ESMELSEC-F Series FX3S-10MT/ESSMELSEC-F Series FX3U-128MT/ESMELSEC-F Series FX3U-64MR/ESMELSEC-F Series FX3GE-24MT/DSMELSEC-F Series FX3U-32MT/DSSMELSEC-F Series FX3S-14MR/ESMELSEC-F Series FX3S-14MT/DSSMELSEC-F Series FX3S-20MT/DSMELSEC-F Series FX3U-16MR/ES-AMELSEC-F Series FX3UC-16MT/DSS-P4MELSEC-F Series FX3U-64MR/DSMELSEC-F Series FX3U-48MT/DSSMELSEC-F Series FX3GE-40MT/ESSMELSEC-F Series FX3G-24MT/ESMELSEC-F Series FX3SA-20MR-CMMELSEC-F Series FX3GA-24MT-CMMELSEC-F Series FX3G-14MT/ESSMELSEC-F Series FX3UC-96MT/DSSMELSEC-F Series FX3S-10MR/ESMELSEC-F Series FX3GE-40MT/ESMELSEC-F Series FX3G-60MT/ESMELSEC-F Series FX3U-32MS/ESMELSEC-F Series FX3GE-40MT/DSSMELSEC-F Series FX3U-48MT/ES-AMELSEC-F Series FX3SA-30MT-CMMELSEC-F Series FX3G-24MR/ESMELSEC-F Series FX3G-60MT/DSMELSEC-F Series FX3U-64MR/UA1MELSEC-F Series FX3S-30MT/DSMELSEC-F Series FX3G-14MT/ES-AMELSEC-F Series FX3S-10MT/DSSMELSEC-F Series FX3U-48MT/ESSMELSEC-F Series FX3U-32MT/ES-AMELSEC-F Series FX3U-32MR/DSMELSEC-F Series FX3S-20MT/DSSMELSEC-F Series FX3GE-24MT/ESMELSEC-F Series FX3U-32MT/ESMELSEC-F Series FX3S-14MT/DSMELSEC-F Series FX3SA-10MR-CMMELSEC-F Series FX3S-14MT/ESSMELSEC-F Series FX3G-40MR/DSMELSEC-F Series FX3GE-24MR/ESMELSEC-F Series FX3U-32MR/UA1MELSEC-F Series FX3G-24MR/DSMELSEC-F Series FX3G-60MR/ESMELSEC-F Series FX3S-10MT/ESMELSEC-F Series FX3G-60MR/DSMELSEC-F Series FX3S-30MT/ESMELSEC-F Series FX3UC-32MT/DMELSEC-F Series FX3SA-20MT-CMMELSEC-F Series FX3GC-32MT/DMELSEC-F Series FX3UC-16MT/DSSMELSEC-F Series FX3U-48MR/ES-AMELSEC-F Series FX3G-60MR/ES-AMELSEC-F Series FX3SA-10MT-CMMELSEC-F Series FX3U-80MR/DSMELSEC-F Series FX3U-16MT/ESMELSEC-F Series FX3U-80MT/ESSMELSEC-F Series FX3S-10MT/DSMELSEC-F Series FX3U-80MR/ESMELSEC-F Series FX3S-14MT/ESMELSEC-F Series FX3UC-16MR/DS-TMELSEC-F Series FX3G-24MT/DSSMELSEC-F Series FX3GC-32MT/DSSMELSEC-F Series FX3U-48MT/ESMELSEC-F Series FX3G-14MT/DSSMELSEC-F Series FX3G-24MT/ES-AMELSEC-F Series FX3U-32MR/ESMELSEC-F Series FX3GE-24MT/DSSMELSEC-F Series FX3G-60MT/DSSMELSEC-F Series FX3U-80MR/ES-AMELSEC-F Series FX3U-64MT/DSS
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2020-6972
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.1||CRITICAL
EPSS-0.14% / 34.61%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 16:38
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.

Action-Not Available
Vendor-Honeywell International Inc.
Product-notifier_webserverNotifier Web Server (NWS) Version 3.50 and earlier
CWE ID-CWE-294
Authentication Bypass by Capture-replay
Details not found