CVE-2020-8973: CWE-284: improper access control in ZGR ZGR TPS200 NG

Critical
Published: Mon Oct 17 2022 (10/17/2022, 21:17:28 UTC)
Source: CVE
Vendor/Project: ZGR
Product: ZGR TPS200 NG

Description

ZGR TPS200 NG, in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located to operate and change several parameters without having to be registered as a user on the web that owns the device.

AI-Powered Analysis

Last updated: 07/04/2025, 21:11:29 UTC

Technical Analysis

CVE-2020-8973 is a critical vulnerability in the ZGR TPS200 NG device, affecting firmware version 2.00 and hardware version 1.01. It is classified under CWE-284 (improper access control). The core issue is the device's failure to properly validate specially crafted requests sent over the network. An attacker with network access to the device can manipulate and change various device parameters without authenticating or being registered as a legitimate user on the device's web interface.

The vulnerability is exploitable from the adjacent network (Attack Vector: Adjacent Network), requires no privileges (PR:N) and no user interaction (UI:N), which makes it highly accessible to attackers within the same network segment. Confidentiality and integrity are severely impacted: attackers can alter device configurations, potentially leading to unauthorized control or disruption of device operations. The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component. The CVSS v3.1 base score is 9.3, reflecting its critical severity.

Although no known exploits have been reported in the wild, the ease of exploitation combined with the high impact makes this a significant threat. The lack of available patches at the time of reporting further exacerbates the risk. The ZGR TPS200 NG is typically used in industrial or infrastructure environments, where unauthorized changes could disrupt operational technology systems or critical infrastructure components. Attackers could leverage the flaw to manipulate device behavior, potentially causing cascading effects in larger networked systems or critical processes controlled by these devices.

Potential Impact

For European organizations, the impact of this vulnerability can be substantial, especially for those operating in sectors reliant on industrial control systems, building management, or critical infrastructure where ZGR TPS200 NG devices are deployed. Unauthorized parameter changes could lead to operational disruptions, safety hazards, or data integrity issues. Confidentiality breaches may occur if attackers gain access to sensitive configuration data or network information. Integrity is heavily impacted as attackers can alter device settings without detection, potentially leading to misconfigurations, denial of service, or enabling further lateral movement within the network. The absence of authentication requirements means that any insider threat or attacker who gains network access can exploit this vulnerability, increasing the risk profile for organizations with less segmented or poorly secured internal networks. This vulnerability could also be leveraged as a foothold for more advanced persistent threats (APTs) targeting European critical infrastructure or industrial sectors. The lack of known exploits in the wild does not diminish the urgency, as the vulnerability's characteristics make it a prime candidate for future exploitation campaigns.

Mitigation Recommendations

1. Network Segmentation: Isolate ZGR TPS200 NG devices on dedicated network segments with strict access controls to limit exposure to only trusted systems and personnel.
2. Access Control Enforcement: Implement network-level access controls such as firewalls and VLANs to restrict access to the device management interfaces to authorized IP addresses only.
3. Monitoring and Logging: Enable detailed logging on the devices and network to detect unusual configuration changes or unauthorized access attempts.
4. Firmware and Hardware Updates: Engage with the vendor (ZGR) to obtain any available patches or updated firmware versions addressing this vulnerability. If no patches are available, consider applying compensating controls or replacing affected devices.
5. Intrusion Detection Systems (IDS): Deploy IDS/IPS solutions capable of detecting anomalous or specially crafted requests targeting the device's management interface.
6. Incident Response Preparedness: Develop and test incident response plans specifically for industrial or operational technology environments to quickly respond to potential exploitation.
7. Vendor Communication: Maintain active communication channels with ZGR for updates on patches or mitigation guidance.
8. Network Access Controls: Employ strong authentication and authorization mechanisms at the network level, such as 802.1X, to prevent unauthorized devices from connecting to the network segment hosting the TPS200 NG devices.

Technical Details

Data Version: 5.1
Assigner Short Name: INCIBE
Date Reserved: 2020-02-13T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9815c4522896dcbd6383

Added to database: 5/21/2025, 9:08:37 AM

Last enriched: 7/4/2025, 9:11:29 PM

Last updated: 7/26/2025, 12:07:40 PM
