CVE-2020-10628 : Security Advisory and Response

ControlEdge PLC and RTU devices are affected by a vulnerability that exposes unencrypted passwords on the network.

Understanding CVE-2020-10628

ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) are impacted by a cleartext transmission of sensitive information vulnerability.

What is CVE-2020-10628?

The vulnerability in ControlEdge PLC and RTU devices allows unencrypted passwords to be exposed on the network, posing a security risk.

The Impact of CVE-2020-10628

This vulnerability could lead to unauthorized access to sensitive information, compromising the security and integrity of the affected systems.

Technical Details of CVE-2020-10628

ControlEdge PLC and RTU devices are susceptible to the following:

Vulnerability Description

The vulnerability involves the exposure of unencrypted passwords on the network, potentially allowing malicious actors to intercept and misuse this sensitive information.

Affected Systems and Versions

ControlEdge PLC versions R130.2, R140, R150, and R151
ControlEdge RTU versions R101, R110, R140, R150, and R151

Exploitation Mechanism

The vulnerability occurs due to the lack of encryption for passwords during network transmission, making them easily accessible to attackers.

Mitigation and Prevention

To address CVE-2020-10628, consider the following steps:

Immediate Steps to Take

Implement network segmentation to restrict access to vulnerable devices
Monitor network traffic for any unauthorized access attempts
Change default passwords and use strong, encrypted credentials

Long-Term Security Practices

Regularly update firmware and security patches for the affected devices
Conduct security audits and assessments to identify and mitigate vulnerabilities

Patching and Updates

Apply patches provided by the vendor to fix the vulnerability and enhance the security of ControlEdge PLC and RTU devices