CVE-2020-12495

9.1 CRITICAL

📋 TL;DR

This vulnerability allows privilege escalation in Endress+Hauser Ecograph T devices. When users with lower privileges log in, they may inherit higher privileges from previous sessions due to improper session management. This affects industrial control systems using these specific recorders with vulnerable firmware.

💻 Affected Systems

Products:
  • Endress+Hauser Ecograph T (Neutral/Private Label) RSG35
  • Endress+Hauser Ecograph T (Neutral/Private Label) ORSG35
Versions: Firmware versions prior to V2.0.0
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects web-based user interface with role-based access system. The vulnerability is in the session token management.
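The following is an added illustration of the session-handling flaw class this entry describes (a login that reuses the existing session record and keeps whatever role an earlier session left in it) beside the corrected pattern; it is example code written for this page, not firmware or vendor code, and the account names, passwords and in-memory store are constructed.

```python
import secrets

# Constructed accounts (hypothetical names and passwords): name -> (password, role)
USERS = {"admin": ("admin-pw", "administrator"), "viewer": ("viewer-pw", "operator")}


class VulnerableSessionStore:
    # Models the flaw: the token is reused across logins and the role is only set
    # when empty, so a low-privilege login on a token an administrator used inherits that role.
    def __init__(self):
        self.sessions = {}                  # token -> {"user": ..., "role": ...}

    def new_session(self):
        tok = secrets.token_hex(16)
        self.sessions[tok] = {"user": None, "role": None}
        return tok

    def login(self, token, user, password):
        if USERS[user][0] != password:
            raise PermissionError("bad credentials")
        s = self.sessions[token]
        s["user"] = user
        if s["role"] is None:               # BUG: a stale role survives re-login
            s["role"] = USERS[user][1]
        return token                        # BUG: the same token stays in use

    def logout(self, token):
        self.sessions[token]["user"] = None  # BUG: role and record not destroyed


class FixedSessionStore(VulnerableSessionStore):
    # Hardened variant: every login issues a fresh token whose state comes only
    # from the account that just authenticated; logout deletes the record.
    def login(self, token, user, password):
        if USERS[user][0] != password:
            raise PermissionError("bad credentials")
        self.sessions.pop(token, None)      # drop whatever the old token held
        fresh = self.new_session()
        self.sessions[fresh] = {"user": user, "role": USERS[user][1]}
        return fresh

    def logout(self, token):
        self.sessions.pop(token, None)      # server-side record is destroyed


def role_after_relogin(store):
    # Admin logs in and out on one token, then the low-privilege user logs in
    # on that same token; returns the role the second user ends up holding.
    tok = store.login(store.new_session(), "admin", "admin-pw")
    store.logout(tok)
    tok = store.login(tok, "viewer", "viewer-pw")
    return store.sessions[tok]["role"]
```

The same scenario run against both stores is what the "Verify Fix Applied" step below calls testing user sessions for proper privilege separation: the low-privilege login must never end up holding the earlier session's role.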

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with basic user access could gain administrative privileges, potentially modifying device configurations, altering measurement data, or disrupting industrial processes.

🟠 Likely Case

Unauthorized users gaining elevated access to modify device settings or view sensitive operational data they should not have access to.

🟢 If Mitigated

With proper network segmentation and access controls, impact would be limited to the specific device rather than broader industrial systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid user credentials but with lower privileges. The vulnerability is in the authentication mechanism itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2.0.0 or later

Vendor Advisory: https://cert.vde.com/en-us/advisories/vde-2020-021

Restart Required: Yes

Instructions:

1. Download firmware V2.0.0 or later from the Endress+Hauser support portal.
2. Back up the device configuration.
3. Apply the firmware update following vendor instructions.
4. Restart the device.
5. Verify the firmware version.

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate affected devices from general network access

Access Restriction (all)

Limit web interface access to trusted IP addresses only

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable devices
  • Monitor device logs for unusual privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version via device web interface or configuration utility. If version is below V2.0.0, device is vulnerable.

Check Version:

Check via device web interface: System > Information > Firmware Version

Verify Fix Applied:

After updating, verify firmware version shows V2.0.0 or higher. Test user sessions to ensure proper privilege separation.

📡 Detection & Monitoring

Log Indicators:

  • Multiple user sessions from same IP with different privilege levels
  • User accessing functions outside their role permissions

Network Indicators:

  • HTTP requests to privileged endpoints from low-privilege user accounts

SIEM Query:

source="ecograph_t" AND (event_type="privilege_escalation" OR (user_role_change AND NOT authorized))