ID

VAR-201906-0275


CVE

CVE-2019-12774


TITLE

ENTTEC Datagate Mk2 vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-005343

DESCRIPTION

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description field in JSON data to the Profile Editor. ENTTEC Datagate Mk2 contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. ENTTEC Datagate MK2 is a lighting controller produced by the Australian company ENTTEC. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code.

Trust: 1.71

sources: NVD: CVE-2019-12774 // JVNDB: JVNDB-2019-005343 // VULHUB: VHN-144554

AFFECTED PRODUCTS

vendor: enttec, model: storm 24, scope: eq, version: 70044

Trust: 1.0

vendor: enttec, model: pixelator, scope: eq, version: 70044

Trust: 1.0

vendor: enttec, model: e-streamer mk2, scope: eq, version: 70044

Trust: 1.0

vendor: enttec, model: datagate mk2, scope: eq, version: 70044

Trust: 1.0

vendor: enttec, model: datagate mk2, scope: eq, version: 70044_update_05032019-482

Trust: 0.8

vendor: enttec, model: e-streamer mk2, scope: -, version: -

Trust: 0.8

vendor: enttec, model: pixelator, scope: -, version: -

Trust: 0.8

vendor: enttec, model: storm 24, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-005343 // NVD: CVE-2019-12774

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12774
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12774
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-301
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144554
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12774
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144554
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12774
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-144554 // JVNDB: JVNDB-2019-005343 // CNNVD: CNNVD-201906-301 // NVD: CVE-2019-12774

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-144554 // JVNDB: JVNDB-2019-005343 // NVD: CVE-2019-12774

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-301

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201906-301

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005343

PATCH

title: Datagate MK2, url: https://www.enttec.com/product/controls/dmx-ethernet-lighting-control/advanced-lighting-data-control/

Trust: 0.8

title: Pixelator, url: https://www.enttec.com.au/product/controls/addressable-led-pixel-control/ethernet-to-pixel-converter/

Trust: 0.8

title: Storm 24, url: https://www.enttec.com.au/product/network-and-distribution/dmx512-conversion/ethernet-to-dmx-converter/

Trust: 0.8

title: E-Streamer Mk2, url: https://www.enttec.com.au/product/playback/lighting-show-recorder/advanced-show-recorder/

Trust: 0.8

sources: JVNDB: JVNDB-2019-005343

EXTERNAL IDS

db: NVD, id: CVE-2019-12774

Trust: 2.5

db: JVNDB, id: JVNDB-2019-005343

Trust: 0.8

db: CNNVD, id: CNNVD-201906-301

Trust: 0.7

db: ICS CERT, id: ICSA-20-177-01

Trust: 0.6

db: AUSCERT, id: ESB-2020.2211

Trust: 0.6

db: VULHUB, id: VHN-144554

Trust: 0.1

sources: VULHUB: VHN-144554 // JVNDB: JVNDB-2019-005343 // CNNVD: CNNVD-201906-301 // NVD: CVE-2019-12774

REFERENCES

url: https://www.mogozobo.com/?p=3476

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2019-12774

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12774

Trust: 0.8

url: https://us-cert.cisa.gov/ics/advisories/icsa-20-177-01

Trust: 0.6

url: https://www.us-cert.gov/ics/advisories/icsa-20-177-01

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.2211/

Trust: 0.6

sources: VULHUB: VHN-144554 // JVNDB: JVNDB-2019-005343 // CNNVD: CNNVD-201906-301 // NVD: CVE-2019-12774

SOURCES

db: VULHUB, id: VHN-144554
db: JVNDB, id: JVNDB-2019-005343
db: CNNVD, id: CNNVD-201906-301
db: NVD, id: CVE-2019-12774

LAST UPDATE DATE

2024-11-23T22:06:10.886000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144554, date: 2019-06-10T00:00:00
db: JVNDB, id: JVNDB-2019-005343, date: 2019-06-19T00:00:00
db: CNNVD, id: CNNVD-201906-301, date: 2020-09-16T00:00:00
db: NVD, id: CVE-2019-12774, date: 2024-11-21T04:23:32.973

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144554, date: 2019-06-07T00:00:00
db: JVNDB, id: JVNDB-2019-005343, date: 2019-06-19T00:00:00
db: CNNVD, id: CNNVD-201906-301, date: 2019-06-07T00:00:00
db: NVD, id: CVE-2019-12774, date: 2019-06-07T16:29:00.597