CVE-2020-20741
First published: Fri Jul 23 2021(Updated: )
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Beckhoff Cx9020 | =6.02-build_4016.6 |
Remedy
https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-006.pdf
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-20741?
CVE-2020-20741 is an Incorrect Access Control vulnerability in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6.
How severe is CVE-2020-20741?
CVE-2020-20741 has a severity rating of 9.8 (Critical).
What software is affected by CVE-2020-20741?
Beckhoff Cx9020 with firmware version 6.02-build_4016.6 is affected by CVE-2020-20741.
How can the Incorrect Access Control vulnerability in Beckhoff Cx9020 be exploited?
Remote attackers can bypass authentication via the "CE Remote Display Tool" by not closing the incoming connection on the Windows CE side if the credentials are not properly validated.
Where can I find more information about CVE-2020-20741?
You can refer to the advisory-2019-006.pdf document available on the Beckhoff website for more details on CVE-2020-20741.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/beckhoff
- canonical/beckhoff cx9020
- version/beckhoff cx9020/6.02-build_4016.6