ID

VAR-201904-1020


CVE

CVE-2019-10950


TITLE

Authentication vulnerabilities in multiple Fujifilm products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004111

DESCRIPTION

Fujifilm FCR Capsula X / Carbon X / FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X, provide insecure telnet services that lack authentication requirements. An attacker who successfully exploits this vulnerability may be able to access the underlying operating system. The Fujifilm CR-IR 357 FCR Carbon X and the other affected models are radiographic medical image reading devices from Fujifilm Corporation of Japan. Fujifilm FCR Capsula X/Carbon X are prone to a denial-of-service vulnerability and an access-bypass vulnerability. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions or cause a denial-of-service condition. This vulnerability stems from missing authentication measures or insufficient authentication strength in network systems or products.

Trust: 2.61

sources: NVD: CVE-2019-10950 // JVNDB: JVNDB-2019-004111 // CNVD: CNVD-2019-14246 // BID: 108052 // VULHUB: VHN-142548 // VULMON: CVE-2019-10950

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-14246

AFFECTED PRODUCTS

vendor: fujifilm, model: cr-ir 357 fcr xc-2, scope: eq, version: -

Trust: 1.0

vendor: fujifilm, model: cr-ir 357 fcr carbon x, scope: eq, version: -

Trust: 1.0

vendor: fujifilm, model: cr-ir 357 fcr capsula x, scope: eq, version: -

Trust: 1.0

vendor: fujifilm, model: cr-ir 357 fcr capsula x, scope: -, version: -

Trust: 0.8

vendor: fujifilm, model: cr-ir 357 fcr carbon x, scope: -, version: -

Trust: 0.8

vendor: fujifilm, model: cr-ir 357 fcr xc-2, scope: -, version: -

Trust: 0.8

vendor: fujifilm, model: cr-ir fcr carbon, scope: eq, version: 357x

Trust: 0.6

vendor: fujifilm, model: fcr xc-2, scope: -, version: -

Trust: 0.6

vendor: fujifilm, model: fcr capsula, scope: eq, version: x

Trust: 0.6

vendor: fujifilm, model: fcr xc-2 cr-ir, scope: eq, version: 357

Trust: 0.3

vendor: fujifilm, model: fcr carbon cr-ir, scope: eq, version: x357

Trust: 0.3

vendor: fujifilm, model: fcr capsula cr-ir, scope: eq, version: x357

Trust: 0.3

sources: CNVD: CNVD-2019-14246 // BID: 108052 // JVNDB: JVNDB-2019-004111 // NVD: CVE-2019-10950

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10950
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-10950
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-14246
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201904-1055
value: CRITICAL

Trust: 0.6

VULHUB: VHN-142548
value: HIGH

Trust: 0.1

VULMON: CVE-2019-10950
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-10950
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-14246
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-142548
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10950
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10950
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-14246 // VULHUB: VHN-142548 // VULMON: CVE-2019-10950 // JVNDB: JVNDB-2019-004111 // CNNVD: CNNVD-201904-1055 // NVD: CVE-2019-10950

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-142548 // JVNDB: JVNDB-2019-004111 // NVD: CVE-2019-10950

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1055

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201904-1055

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004111

PATCH

title: FCR CAPSULA X, url: https://www.fujifilm.com/products/medical/products/computed_radiography/capsula_x/

Trust: 0.8

title: FCR Carbon, url: https://www.fujifilmusa.com/products/medical/digital-x-ray/cr-systems/fcr-carbon/

Trust: 0.8

title: Threatpost, url: https://threatpost.com/hackers-cashing-in-on-healthcare-industry-security-weaknesses/153238/

Trust: 0.1

sources: VULMON: CVE-2019-10950 // JVNDB: JVNDB-2019-004111

EXTERNAL IDS

db: ICS CERT, id: ICSMA-19-113-01

Trust: 3.5

db: NVD, id: CVE-2019-10950

Trust: 3.5

db: BID, id: 108052

Trust: 2.1

db: JVNDB, id: JVNDB-2019-004111

Trust: 0.8

db: CNNVD, id: CNNVD-201904-1055

Trust: 0.7

db: CNVD, id: CNVD-2019-14246

Trust: 0.6

db: AUSCERT, id: ESB-2019.1386

Trust: 0.6

db: VULHUB, id: VHN-142548

Trust: 0.1

db: VULMON, id: CVE-2019-10950

Trust: 0.1

sources: CNVD: CNVD-2019-14246 // VULHUB: VHN-142548 // VULMON: CVE-2019-10950 // BID: 108052 // JVNDB: JVNDB-2019-004111 // CNNVD: CNNVD-201904-1055 // NVD: CVE-2019-10950

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsma-19-113-01

Trust: 3.6

url:http://www.securityfocus.com/bid/108052

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-10950

Trust: 1.4

url:https://www.fujifilm.com/products/medical/products/computed_radiography/capsula_x/

Trust: 0.9

url:https://www.fujifilmusa.com/products/medical/digital-x-ray/cr-systems/fcr-carbon/

Trust: 0.9

url:https://www.fujifilm.com

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10950

Trust: 0.8

url:https://www.auscert.org.au/bulletins/79562

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/hackers-cashing-in-on-healthcare-industry-security-weaknesses/153238/

Trust: 0.1

sources: CNVD: CNVD-2019-14246 // VULHUB: VHN-142548 // VULMON: CVE-2019-10950 // BID: 108052 // JVNDB: JVNDB-2019-004111 // CNNVD: CNNVD-201904-1055 // NVD: CVE-2019-10950

CREDITS

Marc Ruef and Rocco Gagliardi of Scip AG reported these vulnerabilities to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201904-1055

SOURCES

db: CNVD, id: CNVD-2019-14246
db: VULHUB, id: VHN-142548
db: VULMON, id: CVE-2019-10950
db: BID, id: 108052
db: JVNDB, id: JVNDB-2019-004111
db: CNNVD, id: CNNVD-201904-1055
db: NVD, id: CVE-2019-10950

LAST UPDATE DATE

2024-11-23T22:55:37.240000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-14246, date: 2019-05-14T00:00:00
db: VULHUB, id: VHN-142548, date: 2020-10-02T00:00:00
db: VULMON, id: CVE-2019-10950, date: 2020-10-02T00:00:00
db: BID, id: 108052, date: 2019-04-23T00:00:00
db: JVNDB, id: JVNDB-2019-004111, date: 2019-05-27T00:00:00
db: CNNVD, id: CNNVD-201904-1055, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-10950, date: 2024-11-21T04:20:13.083

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-14246, date: 2019-05-14T00:00:00
db: VULHUB, id: VHN-142548, date: 2019-04-30T00:00:00
db: VULMON, id: CVE-2019-10950, date: 2019-04-30T00:00:00
db: BID, id: 108052, date: 2019-04-23T00:00:00
db: JVNDB, id: JVNDB-2019-004111, date: 2019-05-27T00:00:00
db: CNNVD, id: CNNVD-201904-1055, date: 2019-04-23T00:00:00
db: NVD, id: CVE-2019-10950, date: 2019-04-30T17:29:00.803