Sign-up

ID

VAR-201910-0949


CVE

CVE-2019-15051


TITLE

Softing uaGate firmware Vulnerability in Permission Management

Trust: 0.8

sources: JVNDB: JVNDB-2019-010625

DESCRIPTION

An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter. Softing uaGate (SI, MB, 840D) firmware Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Softing uaGate SI and so on are the products of German Softing company. Softing uaGate SI is a compact industrial gateway product. Softing uaGate 840D is an IoT gateway product. Softing uaGate MB is a gateway product for Modbus TCP controller. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command. Softing uaGate SI etc

Trust: 2.79

sources: NVD: CVE-2019-15051 // JVNDB: JVNDB-2019-010625 // CNVD: CNVD-2019-35847 // CNNVD: CNNVD-201910-701 // VULHUB: VHN-147059

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-35847

AFFECTED PRODUCTS

vendor:softingmodel:uagate siscope:lteversion:1.71.00.1225

Trust: 1.0

vendor:softingmodel:uagate mbscope:lteversion:1.71.00.1225

Trust: 1.0

vendor:softingmodel:uagate 840dscope:lteversion:1.71.00.1225

Trust: 1.0

vendor:softing industrial automationmodel:uagate 840dscope:lteversion:1.71.00.1225

Trust: 0.8

vendor:softing industrial automationmodel:uagate mbscope:lteversion:1.71.00.1225

Trust: 0.8

vendor:softing industrial automationmodel:uagate siscope:lteversion:1.71.00.1225

Trust: 0.8

vendor:softingmodel:ag uagate 840dscope:lteversion:<=1.71.00.1225

Trust: 0.6

vendor:softingmodel:ag uagate mbscope:lteversion:<=1.71.00.1225

Trust: 0.6

vendor:softingmodel:ag uagate siscope:lteversion:<=1.71.00.1225

Trust: 0.6

sources: CNVD: CNVD-2019-35847 // JVNDB: JVNDB-2019-010625 // NVD: CVE-2019-15051

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15051
value: HIGH

Trust: 1.0

NVD: CVE-2019-15051
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-35847
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201910-701
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147059
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-15051
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-35847
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-147059
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15051
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-15051
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-35847 // VULHUB: VHN-147059 // JVNDB: JVNDB-2019-010625 // CNNVD: CNNVD-201910-701 // NVD: CVE-2019-15051

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.1

problemtype:CWE-269

Trust: 0.9

sources: VULHUB: VHN-147059 // JVNDB: JVNDB-2019-010625 // NVD: CVE-2019-15051

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-701

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-701

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010625

PATCH
title:IoT Gatewaysurl:https://data-intelligence.softing.com/us/products/iot-gateways/
Trust: 0.8
title:Patch for Softing uaGate SI, uaGate MB, and uaGate 840D command injection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/185751
Trust: 0.6
title:Softing uaGate SI , uaGate MB  and uaGate 840D Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99311
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-35847 // 
            
            
            
            JVNDB: JVNDB-2019-010625 // 
            
            
            
            CNNVD: CNNVD-201910-701

EXTERNAL IDS
db:NVDid:CVE-2019-15051
Trust: 3.1
db:JVNDBid:JVNDB-2019-010625
Trust: 0.8
db:CNNVDid:CNNVD-201910-701
Trust: 0.7
db:CNVDid:CNVD-2019-35847
Trust: 0.6
db:VULHUBid:VHN-147059
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-35847 // 
            
            
            
            VULHUB: VHN-147059 // 
            
            
            
            JVNDB: JVNDB-2019-010625 // 
            
            
            
            CNNVD: CNNVD-201910-701 // 
            
            
            
            NVD: CVE-2019-15051

REFERENCES
url:https://security.mioso.com/cve-2019-15051-en.html
Trust: 3.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-15051
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15051
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-35847 // 
            
            
            
            VULHUB: VHN-147059 // 
            
            
            
            JVNDB: JVNDB-2019-010625 // 
            
            
            
            CNNVD: CNNVD-201910-701 // 
            
            
            
            NVD: CVE-2019-15051

SOURCES
db:CNVDid:CNVD-2019-35847
db:VULHUBid:VHN-147059
db:JVNDBid:JVNDB-2019-010625
db:CNNVDid:CNNVD-201910-701
db:NVDid:CVE-2019-15051

LAST UPDATE DATE
2024-11-23T22:25:45.438000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-35847date:2019-10-18T00:00:00
db:VULHUBid:VHN-147059date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-010625date:2019-10-17T00:00:00
db:CNNVDid:CNNVD-201910-701date:2020-09-02T00:00:00
db:NVDid:CVE-2019-15051date:2024-11-21T04:27:57.480

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-35847date:2019-10-18T00:00:00
db:VULHUBid:VHN-147059date:2019-10-10T00:00:00
db:JVNDBid:JVNDB-2019-010625date:2019-10-17T00:00:00
db:CNNVDid:CNNVD-201910-701date:2019-10-10T00:00:00
db:NVDid:CVE-2019-15051date:2019-10-10T20:15:11.147