How severe is CVE-2020-6992?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2020-6992?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2020-6992 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the system, leading to the arbitrary execution of code. This vulnerability is only exploitable if an attacker has access to an authenticated session. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users upgrade to GE CIMPLICITY v11.0 or newer.

Related Vulnerabilities

CVE-2011-2910

MEDIUM

CVSS:6.7(Medium)

The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would c...

CWE-2692011

CVE-2017-14329

MEDIUM

CVSS:6.7(Medium)

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.

CWE-2692017

CVE-2017-14330

MEDIUM

CVSS:6.7(Medium)

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.

CWE-2692017

CVE-2017-14380

MEDIUM

CVSS:6.7(Medium)

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_g...

CWE-2692017

CVE-2017-6152

MEDIUM

CVSS:6.7(Medium)

A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account passwor...

CWE-2692017

CVE-2017-6732

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343...

CWE-2692017