Lucene search

INCIBECVELIST:CVE-2020-8976

HistorySep 30, 2022 - 12:00 a.m.

CVE-2020-8976 ZGR TPS200 Cross-Site Request Forgery (CSRF)

2022-09-3000:00:00

CWE-352

INCIBE

www.cve.org

cve-2020-8976

cross-site request forgery

zgr tps200

remote attack

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ZGR TPS200 NG",
    "vendor": "ZGR",
    "versions": [
      {
        "status": "affected",
        "version": "2.00 firmware version 2.00"
      },
      {
        "status": "affected",
        "version": "1.01 hardware version 1.01"
      }
    ]
  }
]

References

www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

Related for CVELIST:CVE-2020-8976