Details of VAR-202102-0394

ID

VAR-202102-0394

CVE

CVE-2020-29024

TITLE

plural GateManager Vulnerability in lack of encryption of critical data in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-011436

DESCRIPTION

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3. plural GateManager The product contains a vulnerability regarding the lack of encryption of critical data.Information may be obtained. Secomea GateManager is a remote access server product of Secomea, Denmark

Trust: 2.16

sources: NVD: CVE-2020-29024 // JVNDB: JVNDB-2020-011436 // CNVD: CNVD-2021-18013

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-18013

AFFECTED PRODUCTS

vendor:	secomea	model:	gatemanager 9250	scope:	eq	version:	*	Trust: 1.0
vendor:	secomea	model:	gatemanager 8250	scope:	lt	version:	9.3	Trust: 1.0
vendor:	secomea	model:	gatemanager 4260	scope:	eq	version:	*	Trust: 1.0
vendor:	secomea	model:	gatemanager 4250	scope:	eq	version:	*	Trust: 1.0
vendor:	b r industrial automation	model:	gatemanager 4250	scope:	-	version:	-	Trust: 0.8
vendor:	b r industrial automation	model:	gatemanager 4260	scope:	-	version:	-	Trust: 0.8
vendor:	b r industrial automation	model:	gatemanager 8250	scope:	-	version:	-	Trust: 0.8
vendor:	b r industrial automation	model:	gatemanager 9250	scope:	-	version:	-	Trust: 0.8
vendor:	secomea	model:	gatemanager	scope:	lt	version:	9.3	Trust: 0.6

sources: CNVD: CNVD-2021-18013 // JVNDB: JVNDB-2020-011436 // NVD: CVE-2020-29024

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-29024
value:	MEDIUM
Trust: 1.0
VulnerabilityReporting@secomea.com:	CVE-2020-29024
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-29024
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-18013
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-1220
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-29024
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-18013
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-29024
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2020-29024
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-18013 // JVNDB: JVNDB-2020-011436 // CNNVD: CNNVD-202102-1220 // NVD: CVE-2020-29024 // NVD: CVE-2020-29024

PROBLEMTYPE DATA

problemtype:	CWE-311	Trust: 1.0
problemtype:	CWE-614	Trust: 1.0
problemtype:	Lack of encryption of critical data (CWE-311) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-011436 // NVD: CVE-2020-29024

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1220

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-1220

PATCH

title:	RD-2418	url:	https://www.secomea.com/support/cybersecurity-advisory/#2418	Trust: 0.8
title:	Patch for Secomea GateManager has an unspecified vulnerability (CNVD-2021-18013)	url:	https://www.cnvd.org.cn/patchInfo/show/253276	Trust: 0.6
title:	HTTPS and Secomea GateManager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142417	Trust: 0.6

sources: CNVD: CNVD-2021-18013 // JVNDB: JVNDB-2020-011436 // CNNVD: CNNVD-202102-1220

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29024	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-011436	Trust: 0.8
db:	CNVD	id:	CNVD-2021-18013	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-1220	Trust: 0.6

sources: CNVD: CNVD-2021-18013 // JVNDB: JVNDB-2020-011436 // CNNVD: CNNVD-202102-1220 // NVD: CVE-2020-29024

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-29024	Trust: 2.0
url:	https://www.secomea.com/support/cybersecurity-advisory/#2418	Trust: 1.6

sources: CNVD: CNVD-2021-18013 // JVNDB: JVNDB-2020-011436 // CNNVD: CNNVD-202102-1220 // NVD: CVE-2020-29024

SOURCES

db:	CNVD	id:	CNVD-2021-18013
db:	JVNDB	id:	JVNDB-2020-011436
db:	CNNVD	id:	CNNVD-202102-1220
db:	NVD	id:	CVE-2020-29024

LAST UPDATE DATE

2024-11-23T22:11:08.018000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-18013	date:	2021-03-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-011436	date:	2021-04-02T05:27:00
db:	CNNVD	id:	CNNVD-202102-1220	date:	2021-03-09T00:00:00
db:	NVD	id:	CVE-2020-29024	date:	2024-11-21T05:23:32.413

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-18013	date:	2021-03-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-011436	date:	2021-04-02T00:00:00
db:	CNNVD	id:	CNNVD-202102-1220	date:	2021-02-16T00:00:00
db:	NVD	id:	CVE-2020-29024	date:	2021-02-16T16:15:12.800