CVE-2020-10634

9.1 CRITICAL

📋 TL;DR

This vulnerability in SAE IT-systems FW-50 Remote Telemetry Units allows attackers to access sensitive files through directory traversal attacks. Organizations using these industrial control system devices for remote monitoring are affected, potentially exposing configuration files and operational data.

💻 Affected Systems

Products:
  • SAE IT-systems FW-50 Remote Telemetry Unit
Versions: All versions prior to firmware update
Operating Systems: Embedded RTU firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface component of the RTU firmware.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the RTU allowing attackers to modify configurations, disrupt operations, and potentially pivot to other industrial control systems.

🟠 Likely Case

Unauthorized access to sensitive configuration files, passwords, and operational data leading to information disclosure and potential operational disruption.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external exploitation.

🌐 Internet-Facing: HIGH - RTUs often deployed in remote locations with internet connectivity for monitoring purposes.
🏢 Internal Only: MEDIUM - Internal network access could still allow exploitation if devices are reachable.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal attacks are well-understood and easy to automate.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact vendor for specific firmware version

Vendor Advisory: https://www.us-cert.gov/ics/advisories/ICSA2012602

Restart Required: Yes

Instructions:

1. Contact SAE IT-systems for updated firmware
2. Backup current configuration
3. Apply firmware update following vendor instructions
4. Verify functionality post-update

🔧 Temporary Workarounds

Network Segmentation
Applies to: all

Isolate RTU devices in separate network segments with strict firewall rules

Access Control Lists
Applies to: all

Implement strict IP-based access controls to RTU web interfaces

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to block all external access to RTU web interfaces
  • Monitor network traffic for directory traversal patterns and unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Test web interface with directory traversal payloads (e.g., ../../etc/passwd) or check firmware version against vendor advisory

Check Version:

Check web interface or device management console for firmware version information

Verify Fix Applied:

Verify firmware version matches vendor's patched version and retest with directory traversal payloads

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing ../ patterns
  • Unauthorized file access attempts
  • Multiple failed access attempts to sensitive paths

Network Indicators:

  • HTTP requests with directory traversal sequences
  • Unusual file access patterns from external IPs

SIEM Query:

source="web_logs" AND (uri="*../*" OR uri="*..\\*" OR uri="*%2e%2e%2f*")
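The SIEM query above matches the literal strings ../, ..\ and %2e%2e%2f, so a request that is double-encoded (%252e%252e%252f) or mixes encodings slips past it. The following script, added here as an example and not taken from the page, the vendor or any SIEM product, shows the same detection logic applied to access-log lines with the URI percent-decoded (repeatedly, with a bound) before the traversal check. It assumes Common Log Format lines; the log lines embedded in it are constructed samples using RFC 5737 test addresses, not real captures, and the RTU's own web-server log format may need a different parsing regex.

```python
"""Scan web-server access logs for directory-traversal request patterns.

Added example for the Detection & Monitoring section; not code from the
page, the vendor, or any SIEM product. It looks for the indicators the page
lists (../, ..\\ and %2e%2e%2f in the request URI) and also unwraps
double URL-encoding, which a literal "*%2e%2e%2f*" search would miss.
"""
import re
from urllib.parse import unquote

# Constructed Common Log Format lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOGS = [
    '203.0.113.10 - - [05/May/2020:10:12:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.10 - - [05/May/2020:10:12:05 +0000] "GET /cgi-bin/../../etc/passwd HTTP/1.1" 200 1024',
    '198.51.100.7 - - [05/May/2020:10:13:11 +0000] "GET /files?name=%2e%2e%2f%2e%2e%2fconfig.xml HTTP/1.1" 200 2048',
    '198.51.100.7 - - [05/May/2020:10:13:15 +0000] "GET /files?name=%252e%252e%252fetc%252fshadow HTTP/1.1" 404 0',
    '192.0.2.44 - - [05/May/2020:10:14:00 +0000] "GET /static/..\\..\\boot.ini HTTP/1.1" 403 0',
    '192.0.2.44 - - [05/May/2020:10:14:02 +0000] "GET /static/app..css HTTP/1.1" 200 300',
]

# Common Log Format: ip ident user [timestamp] "method uri proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)$'
)

# ".." followed by a forward or back slash, checked after decoding.
TRAVERSAL_RE = re.compile(r'\.\.(?:/|\\)')


def decode_fully(uri: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly until stable (bounded), so %252e%252e%252f
    ends up as ../ just like %2e%2e%2f does."""
    current = uri
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def is_traversal(uri: str) -> bool:
    """True when the decoded request target contains a ../ or ..\\ step.
    A bare '..' inside a filename (app..css) is not flagged."""
    return TRAVERSAL_RE.search(decode_fully(uri)) is not None


def parse_line(line: str):
    """Return the log fields as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan(lines):
    """Return one finding per request whose URI contains a traversal sequence.
    Requests that failed (403/404) are still reported: the attempt itself is
    the indicator."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if is_traversal(rec["uri"]):
            findings.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "uri": rec["uri"],
                "decoded": decode_fully(rec["uri"]),
                "status": int(rec["status"]),
            })
    return findings


def summarize(findings):
    """Count traversal attempts per source IP; repeated attempts from one
    address correspond to the 'multiple failed access attempts' indicator."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan(SAMPLE_LOGS)
    for h in hits:
        print(f'{h["ts"]} {h["ip"]} status={h["status"]} {h["uri"]} -> {h["decoded"]}')
    print("attempts per source:", summarize(hits))
```

Against the constructed samples the script flags four requests (the plain ../, the single-encoded, the double-encoded and the backslash variant) and leaves the benign index.html and app..css requests alone. To use it on real data, replace SAMPLE_LOGS with lines read from the web-server log and adjust LOG_RE if the RTU logs in a different format; the decoded URI in each finding is what to compare against the paths listed in the vendor advisory.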
