CVE-2020-9062 — MEDIUM (5.3)

Vulnerability Description

Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Dieboldnixdorf	Probase	1.1.30
Dieboldnixdorf	Procash 2100Xe	-

Related Weaknesses (CWE)

CWE-306 CWE-311 CWE-353

References

https://kb.cert.org/vuls/id/221785Third Party AdvisoryUS Government Resource
https://kb.cert.org/vuls/id/221785Third Party AdvisoryUS Government Resource
https://www.kb.cert.org/vuls/id/221785

FAQ

What is CVE-2020-9062?

CVE-2020-9062 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an atta...

How severe is CVE-2020-9062?

CVE-2020-9062 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-9062?

Check the references section above for vendor advisories and patch information. Affected products include: Dieboldnixdorf Probase, Dieboldnixdorf Procash 2100Xe.