Sign-up

ID

VAR-201903-0182


CVE

CVE-2019-6542


TITLE

plural ENTTEC Vulnerability related to lack of certification for critical functions in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003105

DESCRIPTION

ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition. ENTTEC Datagate MK2 , Storm 24 , Pixelator Is vulnerable to a lack of authentication for critical functions.Service operation interruption (DoS) There is a possibility of being put into a state. ENTTECDatagateMK2 and other products are products of Australian ENTTEC company. The ENTTECDatagateMK2 is a lighting controller. The ENTTECStorm24 is an Ethernet to DMX512 converter. The ENTTECPixelator is a pixel controller. ENTTEC Lighting Controllers are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to reboot the affected device, denying service to legitimate users. The following ENTTEC products and versions are affected: Datagate MK2 all versions prior to 70044-update-05032019-482, Storm 24 all versions prior to 70050-update-05032019-482, and Pixelator all versions prior to 70060-update-05032019-482

Trust: 2.61

sources: NVD: CVE-2019-6542 // JVNDB: JVNDB-2019-003105 // CNVD: CNVD-2019-08969 // BID: 107592 // IVD: ce3903e4-75e5-4a41-9971-a43166124523

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: ce3903e4-75e5-4a41-9971-a43166124523 // CNVD: CNVD-2019-08969

AFFECTED PRODUCTS

vendor:enttecmodel:datagate mk2scope:ltversion:70044_update_05032019-482

Trust: 1.8

vendor:enttecmodel:pixelatorscope:ltversion:70060_update_05032019-482

Trust: 1.8

vendor:enttecmodel:storm 24scope:ltversion:70050_update_05032019-482

Trust: 1.8

vendor:enttecmodel:datagate mk2 <70044 update 05032019-482scope: - version: -

Trust: 0.6

vendor:enttecmodel:storm <70050 update 05032019-482scope:eqversion:24

Trust: 0.6

vendor:enttecmodel:pixelator <70060 update 05032019-482scope: - version: -

Trust: 0.6

vendor:enttecmodel:stormscope:eqversion:240

Trust: 0.3

vendor:enttecmodel:pixelatorscope:eqversion:0

Trust: 0.3

vendor:enttecmodel:datagate mk2scope:eqversion:0

Trust: 0.3

vendor:enttecmodel:storm updatescope:neversion:24700500503201

Trust: 0.3

vendor:enttecmodel:pixelator updatescope:neversion:700600503201

Trust: 0.3

vendor:enttecmodel:datagate mk2 updatescope:neversion:700440503201

Trust: 0.3

vendor:datagate mk2model: - scope:eqversion:*

Trust: 0.2

vendor:storm 24model: - scope:eqversion:*

Trust: 0.2

vendor:pixelatormodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: ce3903e4-75e5-4a41-9971-a43166124523 // CNVD: CNVD-2019-08969 // BID: 107592 // JVNDB: JVNDB-2019-003105 // NVD: CVE-2019-6542

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6542
value: HIGH

Trust: 1.0

NVD: CVE-2019-6542
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-08969
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201903-1045
value: HIGH

Trust: 0.6

IVD: ce3903e4-75e5-4a41-9971-a43166124523
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-6542
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-08969
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ce3903e4-75e5-4a41-9971-a43166124523
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-6542
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-6542
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: ce3903e4-75e5-4a41-9971-a43166124523 // CNVD: CNVD-2019-08969 // JVNDB: JVNDB-2019-003105 // CNNVD: CNNVD-201903-1045 // NVD: CVE-2019-6542

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.8

sources: JVNDB: JVNDB-2019-003105 // NVD: CVE-2019-6542

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1045

TYPE

Access control error

Trust: 0.8

sources: IVD: ce3903e4-75e5-4a41-9971-a43166124523 // CNNVD: CNNVD-201903-1045

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003105

PATCH
title:Datagate MK2url:https://www.enttec.com/product/controls/dmx-ethernet-lighting-control/advanced-lighting-data-control/
Trust: 0.8
title:Storm 24url:https://www.enttec.com/product/controls/dmx-ethernet-lighting-control/ethernet-to-dmx-converter/
Trust: 0.8
title:Pixelatorurl:https://www.enttec.com/product/controls/addressable-led-pixel-control/24-port-ethernet-pixel-controller/
Trust: 0.8
title:Patch for ENTTECDatagateMK2, Storm24, and Pixelator Denial of Service Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/158069
Trust: 0.6
title:ENTTEC Datagate MK2 , Storm 24  and Pixelator Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90466
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-08969 // 
            
            
            
            JVNDB: JVNDB-2019-003105 // 
            
            
            
            CNNVD: CNNVD-201903-1045

EXTERNAL IDS
db:NVDid:CVE-2019-6542
Trust: 3.5
db:ICS CERTid:ICSA-19-085-03
Trust: 3.3
db:BIDid:107592
Trust: 0.9
db:CNVDid:CNVD-2019-08969
Trust: 0.8
db:CNNVDid:CNNVD-201903-1045
Trust: 0.8
db:JVNDBid:JVNDB-2019-003105
Trust: 0.8
db:AUSCERTid:ESB-2019.1012
Trust: 0.6
db:IVDid:CE3903E4-75E5-4A41-9971-A43166124523
Trust: 0.2
sources:
            
            
            IVD: ce3903e4-75e5-4a41-9971-a43166124523 // 
            
            
            
            CNVD: CNVD-2019-08969 // 
            
            
            
            BID: 107592 // 
            
            
            
            JVNDB: JVNDB-2019-003105 // 
            
            
            
            CNNVD: CNNVD-201903-1045 // 
            
            
            
            NVD: CVE-2019-6542

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-19-085-03-0
Trust: 3.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-6542
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6542
Trust: 0.8
url:https://www.auscert.org.au/bulletins/77906
Trust: 0.6
url:http://www.securityfocus.com/bid/107592
Trust: 0.6
url:https://www.enttec.com/products/network-and-distribution/dmx512-conversion/advanced-lighting-data-control/
Trust: 0.3
url:https://www.enttec.com/as/
Trust: 0.3
url:https://www.enttec.com/products/led-pixel-drivers/led-pixel-strip-driver/ethernet-to-pixel-converter/
Trust: 0.3
url:https://www.enttec.com/products/network-and-distribution/dmx512-conversion/ethernet-to-dmx-converter/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2019-08969 // 
            
            
            
            BID: 107592 // 
            
            
            
            JVNDB: JVNDB-2019-003105 // 
            
            
            
            CNNVD: CNNVD-201903-1045 // 
            
            
            
            NVD: CVE-2019-6542

CREDITS
Ankit Anubhav of NewSky Security reported this vulnerability to NCCIC.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201903-1045

SOURCES
db:IVDid:ce3903e4-75e5-4a41-9971-a43166124523
db:CNVDid:CNVD-2019-08969
db:BIDid:107592
db:JVNDBid:JVNDB-2019-003105
db:CNNVDid:CNNVD-201903-1045
db:NVDid:CVE-2019-6542

LAST UPDATE DATE
2024-11-23T22:06:18.891000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-08969date:2019-04-03T00:00:00
db:BIDid:107592date:2019-03-26T00:00:00
db:JVNDBid:JVNDB-2019-003105date:2019-05-10T00:00:00
db:CNNVDid:CNNVD-201903-1045date:2019-10-10T00:00:00
db:NVDid:CVE-2019-6542date:2024-11-21T04:46:39.753

SOURCES RELEASE DATE
db:IVDid:ce3903e4-75e5-4a41-9971-a43166124523date:2019-04-03T00:00:00
db:CNVDid:CNVD-2019-08969date:2019-04-03T00:00:00
db:BIDid:107592date:2019-03-26T00:00:00
db:JVNDBid:JVNDB-2019-003105date:2019-05-10T00:00:00
db:CNNVDid:CNNVD-201903-1045date:2019-03-26T00:00:00
db:NVDid:CVE-2019-6542date:2019-03-28T14:29:00.367