CVE-2020-9062
low-risk
Published 2020-08-21
Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited.
Do I need to act?
-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
PHYSICAL
/ LOW complexity
Affected Products (1)
Probase
Affected Vendors
References (3)
Third Party Advisory
https://kb.cert.org/vuls/id/221785
Third Party Advisory
https://kb.cert.org/vuls/id/221785
23
/ 100
low-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal