Details of VAR-201907-1438

ID

VAR-201907-1438

CVE

CVE-2019-10966

TITLE

GE Aestiva and Aespire Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006520

DESCRIPTION

In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. GE Aestiva and Aespire Contains an authentication vulnerability.Information may be tampered with. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

Trust: 1.98

sources: NVD: CVE-2019-10966 // JVNDB: JVNDB-2019-006520 // BID: 109102 // VULHUB: VHN-142565

AFFECTED PRODUCTS

vendor:	ge	model:	aestiva 7100	scope:	eq	version:	-	Trust: 1.0
vendor:	ge	model:	aespire 7100	scope:	eq	version:	-	Trust: 1.0
vendor:	ge	model:	aestiva 7900	scope:	eq	version:	-	Trust: 1.0
vendor:	ge	model:	aespire 7900	scope:	eq	version:	-	Trust: 1.0
vendor:	general electric	model:	aespire 7100	scope:	-	version:	-	Trust: 0.8
vendor:	general electric	model:	aespire 7900	scope:	-	version:	-	Trust: 0.8
vendor:	general electric	model:	aestiva 7100	scope:	-	version:	-	Trust: 0.8
vendor:	general electric	model:	aestiva 7900	scope:	-	version:	-	Trust: 0.8
vendor:	gehealthcare	model:	aestiva	scope:	eq	version:	7900	Trust: 0.3
vendor:	gehealthcare	model:	aestiva	scope:	eq	version:	7100	Trust: 0.3
vendor:	gehealthcare	model:	aespire	scope:	eq	version:	7900	Trust: 0.3
vendor:	gehealthcare	model:	aespire	scope:	eq	version:	7100	Trust: 0.3

sources: BID: 109102 // JVNDB: JVNDB-2019-006520 // NVD: CVE-2019-10966

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10966
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-10966
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201907-532
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-142565
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-10966
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-142565
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-10966
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10966
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-142565 // JVNDB: JVNDB-2019-006520 // CNNVD: CNNVD-201907-532 // NVD: CVE-2019-10966

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-142565 // JVNDB: JVNDB-2019-006520 // NVD: CVE-2019-10966

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-532

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201907-532

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006520

PATCH

title:

Top Page

url:

https://www.ge.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-006520

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10966	Trust: 2.8
db:	ICS CERT	id:	ICSMA-19-190-01	Trust: 2.8
db:	BID	id:	109102	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-006520	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-532	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2526	Trust: 0.6
db:	VULHUB	id:	VHN-142565	Trust: 0.1

sources: VULHUB: VHN-142565 // BID: 109102 // JVNDB: JVNDB-2019-006520 // CNNVD: CNNVD-201907-532 // NVD: CVE-2019-10966

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsma-19-190-01	Trust: 2.8
url:	http://www.securityfocus.com/bid/109102	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10966	Trust: 1.4
url:	http://www.ge-ip.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10966	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.2526/	Trust: 0.6

sources: VULHUB: VHN-142565 // BID: 109102 // JVNDB: JVNDB-2019-006520 // CNNVD: CNNVD-201907-532 // NVD: CVE-2019-10966

CREDITS

Elad Luz of CyberMDX

Trust: 0.9

sources: BID: 109102 // CNNVD: CNNVD-201907-532

SOURCES

db:	VULHUB	id:	VHN-142565
db:	BID	id:	109102
db:	JVNDB	id:	JVNDB-2019-006520
db:	CNNVD	id:	CNNVD-201907-532
db:	NVD	id:	CVE-2019-10966

LAST UPDATE DATE

2024-11-23T22:25:53.387000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-142565	date:	2020-10-02T00:00:00
db:	BID	id:	109102	date:	2019-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-006520	date:	2019-07-23T00:00:00
db:	CNNVD	id:	CNNVD-201907-532	date:	2019-07-23T00:00:00
db:	NVD	id:	CVE-2019-10966	date:	2024-11-21T04:20:15.650

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-142565	date:	2019-07-10T00:00:00
db:	BID	id:	109102	date:	2019-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-006520	date:	2019-07-23T00:00:00
db:	CNNVD	id:	CNNVD-201907-532	date:	2019-07-09T00:00:00
db:	NVD	id:	CVE-2019-10966	date:	2019-07-10T18:15:10.817