Sign-up

ID

VAR-201908-0255


CVE

CVE-2019-9569


TITLE

Delta Controls enteliBUS Manager Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-008743 // CNNVD: CNNVD-201908-1942

DESCRIPTION

Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors. Delta Controls enteliBUS Manager Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Delta Controls enteliBUS Manager is a programmable BACnet (communication protocol for smart buildings) controller from Delta Controls, Canada. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.71

sources: NVD: CVE-2019-9569 // JVNDB: JVNDB-2019-008743 // VULHUB: VHN-161004

AFFECTED PRODUCTS

vendor:deltacontrolsmodel:entelibusscope:eqversion:3.40_b-571848

Trust: 1.0

vendor:delta controlsmodel:entelibusscope:eqversion:3.40_b-571848

Trust: 0.8

sources: JVNDB: JVNDB-2019-008743 // NVD: CVE-2019-9569

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9569
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-9569
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201908-1942
value: CRITICAL

Trust: 0.6

VULHUB: VHN-161004
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-9569
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-161004
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9569
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-161004 // JVNDB: JVNDB-2019-008743 // CNNVD: CNNVD-201908-1942 // NVD: CVE-2019-9569

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-161004 // JVNDB: JVNDB-2019-008743 // NVD: CVE-2019-9569

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1942

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201908-1942

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008743

PATCH
title:enteliBUSurl:https://www.deltacontrols.com/products/hvac-controls/central-plant-controllers/entelibus
Trust: 0.8
title:Delta Controls enteliBUS Manager Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97426
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-008743 // 
            
            
            
            CNNVD: CNNVD-201908-1942

EXTERNAL IDS
db:NVDid:CVE-2019-9569
Trust: 2.5
db:ICS CERTid:ICSA-19-239-01
Trust: 1.4
db:JVNDBid:JVNDB-2019-008743
Trust: 0.8
db:CNNVDid:CNNVD-201908-1942
Trust: 0.7
db:AUSCERTid:ESB-2019.3249
Trust: 0.6
db:NSFOCUSid:44188
Trust: 0.6
db:VULHUBid:VHN-161004
Trust: 0.1
sources:
            
            
            VULHUB: VHN-161004 // 
            
            
            
            JVNDB: JVNDB-2019-008743 // 
            
            
            
            CNNVD: CNNVD-201908-1942 // 
            
            
            
            NVD: CVE-2019-9569

REFERENCES
url:https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/hvacking-understanding-the-delta-between-security-and-reality/
Trust: 2.5
url:https://www.deltacontrols.com/products/hvac-controls/central-plant-controllers/entelibus
Trust: 1.7
url:https://www.us-cert.gov/ics/advisories/icsa-19-239-01
Trust: 1.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-9569
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9569
Trust: 0.8
url:http://www.nsfocus.net/vulndb/44188
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3249/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-161004 // 
            
            
            
            JVNDB: JVNDB-2019-008743 // 
            
            
            
            CNNVD: CNNVD-201908-1942 // 
            
            
            
            NVD: CVE-2019-9569

CREDITS
Douglas McKee @fulmetalpackets and contributing researcher Mark Bereza @ROPsicle of McAfee Advanced Threat Research
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201908-1942

SOURCES
db:VULHUBid:VHN-161004
db:JVNDBid:JVNDB-2019-008743
db:CNNVDid:CNNVD-201908-1942
db:NVDid:CVE-2019-9569

LAST UPDATE DATE
2024-11-23T22:58:37.264000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-161004date:2019-09-03T00:00:00
db:JVNDBid:JVNDB-2019-008743date:2019-10-04T00:00:00
db:CNNVDid:CNNVD-201908-1942date:2019-09-04T00:00:00
db:NVDid:CVE-2019-9569date:2024-11-21T04:51:52.453

SOURCES RELEASE DATE
db:VULHUBid:VHN-161004date:2019-08-26T00:00:00
db:JVNDBid:JVNDB-2019-008743date:2019-09-05T00:00:00
db:CNNVDid:CNNVD-201908-1942date:2019-08-26T00:00:00
db:NVDid:CVE-2019-9569date:2019-08-26T20:15:10.127