Skip to main content

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CVE-2020-10635

Severity Medium
Score 4.3/10

Summary

Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • NONE

CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel

The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

References

Advisory Timeline

  • Published