{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T11:44:24.465","vulnerabilities":[{"cve":{"id":"CVE-2020-12017","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2020-06-02T19:15:11.403","lastModified":"2024-11-21T04:59:07.367","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute arbitrary commands and send a request to a specific URL that could cause the device to become unresponsive. The unauthenticated attacker may change the password of the 'configuration' user account, allowing the attacker to modify the configuration of the device via the web interface using the new password. This vulnerability may also allow an unauthenticated attacker to bypass the authentication required to configure the device and reboot the system."},{"lang":"es","value":"GE Grid Solutions Reason RT Clocks, RT430, RT431 y RT434, todas las versiones de firmware anteriores a 08A05. La vulnerabilidad del dispositivo en la aplicación web podría permitir múltiples ataques no autenticados que podrían causar un grave impacto. La vulnerabilidad puede permitir a un atacante no autenticado ejecutar comandos arbitrarios y enviar una petición hacia una URL específica que podría causar que el dispositivo deje de responder. El atacante no autenticado puede cambiar la contraseña de la cuenta de usuario \"configuration\", permitiendo al atacante modificar la configuración del dispositivo por medio de la interfaz web usando la nueva contraseña. Esta vulnerabilidad también puede permitir a un atacante no autenticado omitir la autenticación requerida para configurar el dispositivo y reiniciar el sistema."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":8.5,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ge:rt430_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"08a05","matchCriteriaId":"DD109DE7-1C72-4778-9B9E-268F2E731018"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ge:rt430:-:*:*:*:*:*:*:*","matchCriteriaId":"0EB994D8-B52E-4375-8957-6B5F0866F5B3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ge:rt431_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"08a05","matchCriteriaId":"C32D1CAD-1546-4229-AC62-80E5A2E7557C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ge:rt431:-:*:*:*:*:*:*:*","matchCriteriaId":"366B4D1B-A8CB-4EA9-8C84-A4E3CCB4B22D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ge:rt434_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"08a05","matchCriteriaId":"10BC5948-A2D1-45B6-87B4-DD4524791F18"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ge:rt434:-:*:*:*:*:*:*:*","matchCriteriaId":"BCD38027-CE2E-45B0-98B2-922C64494745"}]}]}],"references":[{"url":"https://www.us-cert.gov/ics/advisories/icsa-20-154-05","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.us-cert.gov/ics/advisories/icsa-20-154-05","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}