ID

VAR-201910-1639


CVE

CVE-2019-11527


TITLE

OS command injection vulnerability in Softing uaGate SI

Trust: 0.8

sources: JVNDB: JVNDB-2019-010627

DESCRIPTION

An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter. An OS command injection vulnerability exists in Softing uaGate SI. Information may be obtained or altered, and service operation may be disrupted (DoS). Softing uaGate SI is a compact industrial gateway product from the German company Softing. Attackers can use this vulnerability to execute illegal commands. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. when constructing executable operating system commands from external input data.

Trust: 2.25

sources: NVD: CVE-2019-11527 // JVNDB: JVNDB-2019-010627 // CNVD: CNVD-2019-35846 // VULHUB: VHN-143182

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-35846

AFFECTED PRODUCTS

vendor: softing, model: uagate si, scope: eq, version: 1.60.01

Trust: 1.6

vendor: softing industrial automation, model: uagate si, scope: eq, version: 1.60.01

Trust: 0.8

vendor: softing, model: ag uagate si, scope: eq, version: 1.60.01

Trust: 0.6

vendor: softing, model: uagate si, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-35846 // JVNDB: JVNDB-2019-010627 // CNNVD: CNNVD-201910-698 // NVD: CVE-2019-11527

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11527
value: HIGH

Trust: 1.0

NVD: CVE-2019-11527
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-35846
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201910-698
value: MEDIUM

Trust: 0.6

VULHUB: VHN-143182
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-11527
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-35846
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-143182
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11527
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-11527
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-35846 // VULHUB: VHN-143182 // JVNDB: JVNDB-2019-010627 // CNNVD: CNNVD-201910-698 // NVD: CVE-2019-11527

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.9

sources: VULHUB: VHN-143182 // JVNDB: JVNDB-2019-010627 // NVD: CVE-2019-11527

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-698

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-698

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010627

PATCH

title: uaGate SI, url: https://data-intelligence.softing.com/us/products/iot-gateways/uagate-si/

Trust: 0.8

title: Patch for Softing uaGate SI command injection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/185749

Trust: 0.6

title: Softing uaGate SI Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99309

Trust: 0.6

sources: CNVD: CNVD-2019-35846 // JVNDB: JVNDB-2019-010627 // CNNVD: CNNVD-201910-698

EXTERNAL IDS

db: NVD, id: CVE-2019-11527

Trust: 3.1

db: JVNDB, id: JVNDB-2019-010627

Trust: 0.8

db: CNNVD, id: CNNVD-201910-698

Trust: 0.7

db: CNVD, id: CNVD-2019-35846

Trust: 0.6

db: VULHUB, id: VHN-143182

Trust: 0.1

sources: CNVD: CNVD-2019-35846 // VULHUB: VHN-143182 // JVNDB: JVNDB-2019-010627 // CNNVD: CNNVD-201910-698 // NVD: CVE-2019-11527

REFERENCES

url:https://security.mioso.com/cve-2019-11527-en.html

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11527

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11527

Trust: 0.8

sources: CNVD: CNVD-2019-35846 // VULHUB: VHN-143182 // JVNDB: JVNDB-2019-010627 // CNNVD: CNNVD-201910-698 // NVD: CVE-2019-11527

SOURCES

db: CNVD, id: CNVD-2019-35846
db: VULHUB, id: VHN-143182
db: JVNDB, id: JVNDB-2019-010627
db: CNNVD, id: CNNVD-201910-698
db: NVD, id: CVE-2019-11527

LAST UPDATE DATE

2024-11-23T21:51:51.525000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-35846, date: 2019-10-18T00:00:00
db: VULHUB, id: VHN-143182, date: 2019-10-15T00:00:00
db: JVNDB, id: JVNDB-2019-010627, date: 2019-10-17T00:00:00
db: CNNVD, id: CNNVD-201910-698, date: 2019-10-24T00:00:00
db: NVD, id: CVE-2019-11527, date: 2024-11-21T04:21:16.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-35846, date: 2019-10-18T00:00:00
db: VULHUB, id: VHN-143182, date: 2019-10-10T00:00:00
db: JVNDB, id: JVNDB-2019-010627, date: 2019-10-17T00:00:00
db: CNNVD, id: CNNVD-201910-698, date: 2019-10-10T00:00:00
db: NVD, id: CVE-2019-11527, date: 2019-10-10T20:15:11.037