At any point of the digital transition,…
NIO 50 provided by NEXCOM contains multiple vulnerabilities (All Versions).
Wednesday, 4 November 2020, 09:26 GMT
The NIO 50 given by NEXCOM is a portal for industrial systems for wireless sensor networks. The product includes several bugs as follows:
A) Validation of the Input Kludge (CWE-20) —CVE-2020-25151511
CVSS v3 CVSS: 3.1 / AV: N / AC: L / PR: N / UI: N / S: U / C: N / I: N / A: L Base value: 5.3 / A: L Base value: 5.3
B) Sending a direct text of essential details (CWE-319) —CVE-2020-2515555
CVSS v3 CVSS: 3.1 / AV: A / AC: L / PR: N / UI: N / S: U / C: L / I: N / A: N Base Value: 4.3 N / A: N Base Value: 4.3
The anticipated effect depends on each weakness, but as follows, it can be impacted.
Denial of Service (DoS) Third Party Remote Attack-CVE-2020-25151
Critical information stolen on an adjacent network from a third party —CVE-2020-251555.
Note: The countermeasures are uncertain as of November 4 , 2020. The software is no longer available for sale or support, according to the developers.