ID

VAR-201908-0862


CVE

CVE-2019-13526


TITLE

Datalogic AV7000 Linear barcode scanner Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008681

DESCRIPTION

All versions of the Datalogic AV7000 Linear barcode scanner prior to 4.6.0.0 are vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code. The Datalogic AV7000 Linear barcode scanner contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). AV7000 is a linear barcode scanner launched by Datalogic. Datalogic AV7000 versions prior to 4.6.0.0 have an authentication bypass vulnerability. Remote attackers can use alternative paths or channels to exploit this vulnerability to execute arbitrary code.

Trust: 2.16

sources: NVD: CVE-2019-13526 // JVNDB: JVNDB-2019-008681 // CNVD: CNVD-2021-102423

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-102423

AFFECTED PRODUCTS

vendor: datalogic
model: av7000
scope: lt
version: 4.6.0.0

Trust: 2.4

sources: CNVD: CNVD-2021-102423 // JVNDB: JVNDB-2019-008681 // NVD: CVE-2019-13526

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-13526
value: HIGH

Trust: 1.0

NVD: CVE-2019-13526
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-102423
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-2083
value: HIGH

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2019-13526
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-102423
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2019-13526
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2021-102423 // JVNDB: JVNDB-2019-008681 // CNNVD: CNNVD-201908-2083 // NVD: CVE-2019-13526

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.8

problemtype: CWE-288

Trust: 1.0

sources: JVNDB: JVNDB-2019-008681 // NVD: CVE-2019-13526

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2083

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201908-2083

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008681

PATCH

title: AV7000
url: https://www.datalogic.com/eng/products/industrial-automation/fixed-industrial-barcode-readers/av7000-pd-709.html

Trust: 0.8

title: Patch for Datalogic AV7000 certification bypass vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/309191

Trust: 0.6

title: Datalogic AV7000 Linear Barcode Scanner Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97556

Trust: 0.6

sources: CNVD: CNVD-2021-102423 // JVNDB: JVNDB-2019-008681 // CNNVD: CNNVD-201908-2083

EXTERNAL IDS

db: NVD
id: CVE-2019-13526

Trust: 3.0

db: ICS CERT
id: ICSA-19-239-02

Trust: 3.0

db: JVNDB
id: JVNDB-2019-008681

Trust: 0.8

db: CNVD
id: CNVD-2021-102423

Trust: 0.6

db: AUSCERT
id: ESB-2019.3259

Trust: 0.6

db: NSFOCUS
id: 44189

Trust: 0.6

db: CNNVD
id: CNNVD-201908-2083

Trust: 0.6

sources: CNVD: CNVD-2021-102423 // JVNDB: JVNDB-2019-008681 // CNNVD: CNNVD-201908-2083 // NVD: CVE-2019-13526

REFERENCES

url: https://www.us-cert.gov/ics/advisories/icsa-19-239-02

Trust: 3.0

url: https://nvd.nist.gov/vuln/detail/cve-2019-13526

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13526

Trust: 0.8

url: http://www.nsfocus.net/vulndb/44189

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2019.3259/

Trust: 0.6

sources: CNVD: CNVD-2021-102423 // JVNDB: JVNDB-2019-008681 // CNNVD: CNNVD-201908-2083 // NVD: CVE-2019-13526

SOURCES

db: CNVD, id: CNVD-2021-102423
db: JVNDB, id: JVNDB-2019-008681
db: CNNVD, id: CNNVD-201908-2083
db: NVD, id: CVE-2019-13526

LAST UPDATE DATE

2024-11-23T23:11:45.377000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-102423, date: 2021-12-27T00:00:00
db: JVNDB, id: JVNDB-2019-008681, date: 2019-09-05T00:00:00
db: CNNVD, id: CNNVD-201908-2083, date: 2019-09-04T00:00:00
db: NVD, id: CVE-2019-13526, date: 2024-11-21T04:25:04.687

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-102423, date: 2021-12-22T00:00:00
db: JVNDB, id: JVNDB-2019-008681, date: 2019-09-05T00:00:00
db: CNNVD, id: CNNVD-201908-2083, date: 2019-08-27T00:00:00
db: NVD, id: CVE-2019-13526, date: 2019-08-30T09:15:18.550