Details of VAR-201904-1018

ID

VAR-201904-1018

CVE

CVE-2019-10948

TITLE

plural Fujifilm Product depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004110

DESCRIPTION

Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually rebooted. Fujifilm CR-IR357FCRCarbonX and others are all radioactive medical image reading devices of Fujifilm Corporation of Japan. A resource management error vulnerability exists in FujifilmCR-IR357FCRCarbonX, FCRXC-2, and FCRCapsulaX that could be exploited by an attacker to cause a denial of service. Fujifilm FCR Capsula X/Carbon X are prone to a denial-of-service vulnerability and an access-bypass vulnerability. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions or cause a denial-of-service condition. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 2.61

sources: NVD: CVE-2019-10948 // JVNDB: JVNDB-2019-004110 // CNVD: CNVD-2019-14247 // BID: 108052 // VULHUB: VHN-142545 // VULMON: CVE-2019-10948

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-14247

AFFECTED PRODUCTS

vendor:	fujifilm	model:	cr-ir 357 fcr xc-2	scope:	eq	version:	-	Trust: 1.0
vendor:	fujifilm	model:	cr-ir 357 fcr carbon x	scope:	eq	version:	-	Trust: 1.0
vendor:	fujifilm	model:	cr-ir 357 fcr capsula x	scope:	eq	version:	-	Trust: 1.0
vendor:	fujifilm	model:	cr-ir 357 fcr capsula x	scope:	-	version:	-	Trust: 0.8
vendor:	fujifilm	model:	cr-ir 357 fcr carbon x	scope:	-	version:	-	Trust: 0.8
vendor:	fujifilm	model:	cr-ir 357 fcr xc-2	scope:	-	version:	-	Trust: 0.8
vendor:	fujifilm	model:	cr-ir fcr carbon	scope:	eq	version:	357x	Trust: 0.6
vendor:	fujifilm	model:	fcr xc-2	scope:	-	version:	-	Trust: 0.6
vendor:	fujifilm	model:	fcr capsula	scope:	eq	version:	x	Trust: 0.6
vendor:	fujifilm	model:	fcr xc-2 cr-ir	scope:	eq	version:	357	Trust: 0.3
vendor:	fujifilm	model:	fcr carbon cr-ir	scope:	eq	version:	x357	Trust: 0.3
vendor:	fujifilm	model:	fcr capsula cr-ir	scope:	eq	version:	x357	Trust: 0.3

sources: CNVD: CNVD-2019-14247 // BID: 108052 // JVNDB: JVNDB-2019-004110 // NVD: CVE-2019-10948

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10948
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-10948
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-14247
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201904-1056
value:	HIGH
Trust: 0.6
VULHUB:	VHN-142545
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-10948
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-10948
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-14247
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-142545
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-10948
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-14247 // VULHUB: VHN-142545 // VULMON: CVE-2019-10948 // JVNDB: JVNDB-2019-004110 // CNNVD: CNNVD-201904-1056 // NVD: CVE-2019-10948

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.9

sources: VULHUB: VHN-142545 // JVNDB: JVNDB-2019-004110 // NVD: CVE-2019-10948

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1056

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201904-1056

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004110

PATCH

title:	FCR CAPSULA X	url:	https://www.fujifilm.com/products/medical/products/computed_radiography/capsula_x/	Trust: 0.8
title:	FCR Carbon	url:	https://www.fujifilmusa.com/products/medical/digital-x-ray/cr-systems/fcr-carbon/	Trust: 0.8

sources: JVNDB: JVNDB-2019-004110

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10948	Trust: 3.5
db:	ICS CERT	id:	ICSMA-19-113-01	Trust: 3.5
db:	BID	id:	108052	Trust: 1.0
db:	JVNDB	id:	JVNDB-2019-004110	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-1056	Trust: 0.7
db:	CNVD	id:	CNVD-2019-14247	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1386	Trust: 0.6
db:	VULHUB	id:	VHN-142545	Trust: 0.1
db:	VULMON	id:	CVE-2019-10948	Trust: 0.1

sources: CNVD: CNVD-2019-14247 // VULHUB: VHN-142545 // VULMON: CVE-2019-10948 // BID: 108052 // JVNDB: JVNDB-2019-004110 // CNNVD: CNNVD-201904-1056 // NVD: CVE-2019-10948

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-19-113-01	Trust: 3.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10948	Trust: 1.4
url:	https://www.fujifilm.com/products/medical/products/computed_radiography/capsula_x/	Trust: 0.9
url:	https://www.fujifilmusa.com/products/medical/digital-x-ray/cr-systems/fcr-carbon/	Trust: 0.9
url:	https://www.fujifilm.com	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10948	Trust: 0.8
url:	https://www.securityfocus.com/bid/108052	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/79562	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

CREDITS

Marc Ruef and Rocco Gagliardi of Scip AG.,Marc Ruef and Rocco Gagliardi of Scip AG reported these vulnerabilities to NCCIC,Marc Ruef and Rocco Gagliardi of Scip AG reported these vulnerabilities to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201904-1056

SOURCES

db:	CNVD	id:	CNVD-2019-14247
db:	VULHUB	id:	VHN-142545
db:	VULMON	id:	CVE-2019-10948
db:	BID	id:	108052
db:	JVNDB	id:	JVNDB-2019-004110
db:	CNNVD	id:	CNNVD-201904-1056
db:	NVD	id:	CVE-2019-10948

LAST UPDATE DATE

2024-11-23T22:55:37.279000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-14247	date:	2019-05-14T00:00:00
db:	VULHUB	id:	VHN-142545	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2019-10948	date:	2019-10-09T00:00:00
db:	BID	id:	108052	date:	2019-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-004110	date:	2019-05-27T00:00:00
db:	CNNVD	id:	CNNVD-201904-1056	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2019-10948	date:	2024-11-21T04:20:12.843

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-14247	date:	2019-05-14T00:00:00
db:	VULHUB	id:	VHN-142545	date:	2019-04-30T00:00:00
db:	VULMON	id:	CVE-2019-10948	date:	2019-04-30T00:00:00
db:	BID	id:	108052	date:	2019-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-004110	date:	2019-05-27T00:00:00
db:	CNNVD	id:	CNNVD-201904-1056	date:	2019-04-23T00:00:00
db:	NVD	id:	CVE-2019-10948	date:	2019-04-30T17:29:00.727