Sign-up

ID

VAR-201910-1210


CVE

CVE-2019-13529


TITLE

Sunny WebBox Firmware cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010634

DESCRIPTION

An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation. Sunny WebBox The firmware contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMA Solar Technology Sunny WebBox is a device for recording, storing, displaying and transmitting solar system data from SMA Solar Technology in Germany. A Cross Site Request Forgery vulnerability exists in SMA Solar Technology Sunny WebBox with firmware version 1.6 and earlier. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client

Trust: 1.8

sources: NVD: CVE-2019-13529 // JVNDB: JVNDB-2019-010634 // VULHUB: VHN-145384 // VULMON: CVE-2019-13529

AFFECTED PRODUCTS

vendor:smamodel:sunny webboxscope:lteversion:1.6

Trust: 1.0

vendor:sma solarmodel:sunny webboxscope:lteversion:1.6

Trust: 0.8

vendor:smamodel:sunny webboxscope:eqversion: -

Trust: 0.6

vendor:smamodel:sunny webboxscope:eqversion:1.6

Trust: 0.6

sources: JVNDB: JVNDB-2019-010634 // CNNVD: CNNVD-201910-423 // NVD: CVE-2019-13529

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13529
value: HIGH

Trust: 1.0

NVD: CVE-2019-13529
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-423
value: HIGH

Trust: 0.6

VULHUB: VHN-145384
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-13529
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-13529
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-145384
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13529
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13529
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-145384 // VULMON: CVE-2019-13529 // JVNDB: JVNDB-2019-010634 // CNNVD: CNNVD-201910-423 // NVD: CVE-2019-13529

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-145384 // JVNDB: JVNDB-2019-010634 // NVD: CVE-2019-13529

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-423

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201910-423

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010634

EXPLOIT AVAILABILITY
sources:
            
            
            VULMON: CVE-2019-13529

PATCH
title:Top Pageurl:https://www.sma.de/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-010634

EXTERNAL IDS
db:NVDid:CVE-2019-13529
Trust: 2.6
db:ICS CERTid:ICSA-19-281-01
Trust: 2.6
db:PACKETSTORMid:154789
Trust: 1.8
db:JVNDBid:JVNDB-2019-010634
Trust: 0.8
db:CNNVDid:CNNVD-201910-423
Trust: 0.7
db:EXPLOIT-DBid:47480
Trust: 0.7
db:AUSCERTid:ESB-2019.3776
Trust: 0.6
db:VULHUBid:VHN-145384
Trust: 0.1
db:VULMONid:CVE-2019-13529
Trust: 0.1
sources:
            
            
            VULHUB: VHN-145384 // 
            
            
            
            VULMON: CVE-2019-13529 // 
            
            
            
            JVNDB: JVNDB-2019-010634 // 
            
            
            
            CNNVD: CNNVD-201910-423 // 
            
            
            
            NVD: CVE-2019-13529

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-19-281-01
Trust: 2.6
url:http://packetstormsecurity.com/files/154789/sma-solar-technology-ag-sunny-webbox-1.6-cross-site-request-forgery.html
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-13529
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13529
Trust: 0.8
url:https://www.exploit-db.com/exploits/47480
Trust: 0.7
url:https://www.auscert.org.au/bulletins/esb-2019.3776/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/352.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110350
Trust: 0.1
sources:
            
            
            VULHUB: VHN-145384 // 
            
            
            
            VULMON: CVE-2019-13529 // 
            
            
            
            JVNDB: JVNDB-2019-010634 // 
            
            
            
            CNNVD: CNNVD-201910-423 // 
            
            
            
            NVD: CVE-2019-13529

CREDITS
Borja Merino
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201910-423

SOURCES
db:VULHUBid:VHN-145384
db:VULMONid:CVE-2019-13529
db:JVNDBid:JVNDB-2019-010634
db:CNNVDid:CNNVD-201910-423
db:NVDid:CVE-2019-13529

LAST UPDATE DATE
2024-11-23T23:08:14.032000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-145384date:2019-10-15T00:00:00
db:VULMONid:CVE-2019-13529date:2019-10-15T00:00:00
db:JVNDBid:JVNDB-2019-010634date:2019-10-18T00:00:00
db:CNNVDid:CNNVD-201910-423date:2019-11-26T00:00:00
db:NVDid:CVE-2019-13529date:2024-11-21T04:25:05.087

SOURCES RELEASE DATE
db:VULHUBid:VHN-145384date:2019-10-09T00:00:00
db:VULMONid:CVE-2019-13529date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010634date:2019-10-18T00:00:00
db:CNNVDid:CNNVD-201910-423date:2019-10-08T00:00:00
db:NVDid:CVE-2019-13529date:2019-10-09T16:15:14.310