Details of VAR-201905-1150

ID

VAR-201905-1150

CVE

CVE-2019-11536

TITLE

Kalki Kalkitech SYNC3000 Substation DCU Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-004822

DESCRIPTION

Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The attack requires network connectivity to the device and exploits the webserver interface, typically through a browser. Kalki Kalkitech SYNC3000 Substation DCU Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Kalkitech SYNC3000 Substation DCU GPC is a substation data concentrator and communication device. A security vulnerability exists in the Kalkitech SYNC3000 Substation DCU GPC. An attacker could exploit this vulnerability to execute injected client commands or scripts. The following products and versions are affected: Kalkitech SYNC3000 Substation DCU GPC Version 2.22.6, Version 2.23.0, Version 2.24.0, Version 3.0.0, Version 3.1.0, Version 3.1.16, Version 3.2.3, Version 3.2.6 Version, version 3.5.0, version 3.6.0, version 3.6.1

Trust: 1.8

sources: NVD: CVE-2019-11536 // JVNDB: JVNDB-2019-004822 // VULHUB: VHN-143192 // VULMON: CVE-2019-11536

AFFECTED PRODUCTS

vendor:	kalkitech	model:	sync3000	scope:	eq	version:	3.2.3	Trust: 1.0
vendor:	kalkitech	model:	sync3000	scope:	eq	version:	2.23.0	Trust: 1.0
vendor:	kalkitech	model:	sync3000	scope:	eq	version:	3.5.0	Trust: 1.0
vendor:	kalkitech	model:	sync3000	scope:	eq	version:	3.6.0	Trust: 1.0
vendor:	kalkitech	model:	sync3000	scope:	eq	version:	2.22.6	Trust: 1.0
vendor:	kalkitech	model:	sync3000	scope:	eq	version:	3.1.16	Trust: 1.0
vendor:	kalkitech	model:	sync3000	scope:	eq	version:	3.6.1	Trust: 1.0
vendor:	kalkitech	model:	sync3000	scope:	eq	version:	2.24.0	Trust: 1.0
vendor:	kalkitech	model:	sync3000	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	kalkitech	model:	sync3000	scope:	eq	version:	3.2.6	Trust: 1.0
vendor:	kalkitech	model:	sync3000	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	kalki communication pvt	model:	sync 3000	scope:	eq	version:	gpc 2.22.6	Trust: 0.8
vendor:	kalki communication pvt	model:	sync 3000	scope:	eq	version:	gpc 2.23.0	Trust: 0.8
vendor:	kalki communication pvt	model:	sync 3000	scope:	eq	version:	gpc 2.24.0	Trust: 0.8
vendor:	kalki communication pvt	model:	sync 3000	scope:	eq	version:	gpc 3.0.0	Trust: 0.8
vendor:	kalki communication pvt	model:	sync 3000	scope:	eq	version:	gpc 3.1.0	Trust: 0.8
vendor:	kalki communication pvt	model:	sync 3000	scope:	eq	version:	gpc 3.1.16	Trust: 0.8
vendor:	kalki communication pvt	model:	sync 3000	scope:	eq	version:	gpc 3.2.3	Trust: 0.8
vendor:	kalki communication pvt	model:	sync 3000	scope:	eq	version:	gpc 3.2.6	Trust: 0.8
vendor:	kalki communication pvt	model:	sync 3000	scope:	eq	version:	gpc 3.5.0	Trust: 0.8
vendor:	kalki communication pvt	model:	sync 3000	scope:	eq	version:	gpc 3.6.0	Trust: 0.8
vendor:	kalki communication pvt	model:	sync 3000	scope:	eq	version:	gpc 3.6.1	Trust: 0.8

sources: JVNDB: JVNDB-2019-004822 // NVD: CVE-2019-11536

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11536
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-11536
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201905-889
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-143192
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-11536
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-11536
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-143192
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-11536
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-143192 // VULMON: CVE-2019-11536 // JVNDB: JVNDB-2019-004822 // CNNVD: CNNVD-201905-889 // NVD: CVE-2019-11536

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-143192 // JVNDB: JVNDB-2019-004822 // NVD: CVE-2019-11536

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-889

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201905-889

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004822

PATCH

title:	CYB/2019/19561	url:	https://www.kalkitech.com/wp-content/uploads/CYB_19561_Advisory.pdf	Trust: 0.8
title:	Cybersecurity	url:	https://www.kalkitech.com/cybersecurity/	Trust: 0.8
title:	Kalki Kalkitech SYNC3000 Substation DCU GPC Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92868	Trust: 0.6

sources: JVNDB: JVNDB-2019-004822 // CNNVD: CNNVD-201905-889

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11536	Trust: 2.6
db:	JVNDB	id:	JVNDB-2019-004822	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-889	Trust: 0.7
db:	VULHUB	id:	VHN-143192	Trust: 0.1
db:	VULMON	id:	CVE-2019-11536	Trust: 0.1

sources: VULHUB: VHN-143192 // VULMON: CVE-2019-11536 // JVNDB: JVNDB-2019-004822 // CNNVD: CNNVD-201905-889 // NVD: CVE-2019-11536

REFERENCES

url:	https://www.kalkitech.com/cybersecurity/	Trust: 1.8
url:	https://www.kalkitech.com/wp-content/uploads/cyb_19561_advisory.pdf	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11536	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11536	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-143192 // VULMON: CVE-2019-11536 // JVNDB: JVNDB-2019-004822 // CNNVD: CNNVD-201905-889 // NVD: CVE-2019-11536

SOURCES

db:	VULHUB	id:	VHN-143192
db:	VULMON	id:	CVE-2019-11536
db:	JVNDB	id:	JVNDB-2019-004822
db:	CNNVD	id:	CNNVD-201905-889
db:	NVD	id:	CVE-2019-11536

LAST UPDATE DATE

2024-11-23T22:12:00.909000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-143192	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-11536	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-004822	date:	2019-06-10T00:00:00
db:	CNNVD	id:	CNNVD-201905-889	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-11536	date:	2024-11-21T04:21:17.520

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-143192	date:	2019-05-22T00:00:00
db:	VULMON	id:	CVE-2019-11536	date:	2019-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-004822	date:	2019-06-10T00:00:00
db:	CNNVD	id:	CNNVD-201905-889	date:	2019-05-22T00:00:00
db:	NVD	id:	CVE-2019-11536	date:	2019-05-22T18:29:00.537