Details of VAR-201910-1640

ID

VAR-201910-1640

CVE

CVE-2019-11528

TITLE

Softing uaGate SI Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-010628 // CNNVD: CNNVD-201910-699

DESCRIPTION

An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable. Softing uaGate SI Contains a buffer error vulnerability.Information may be tampered with. Softing uaGate SI is a compact industrial gateway product from German Softing company. There are security vulnerabilities in Softing uaGate SI version 1.60.01. An attacker could use this vulnerability to modify or add executable files in the system default path

Trust: 2.25

sources: NVD: CVE-2019-11528 // JVNDB: JVNDB-2019-010628 // CNVD: CNVD-2019-35797 // VULHUB: VHN-143183

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-35797

AFFECTED PRODUCTS

vendor:	softing	model:	uagate si	scope:	eq	version:	1.60.01	Trust: 1.6
vendor:	softing industrial automation	model:	uagate si	scope:	eq	version:	1.60.01	Trust: 0.8
vendor:	softing	model:	ag uagate si	scope:	eq	version:	1.60.01	Trust: 0.6
vendor:	softing	model:	uagate si	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-35797 // JVNDB: JVNDB-2019-010628 // CNNVD: CNNVD-201910-699 // NVD: CVE-2019-11528

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11528
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-11528
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-35797
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201910-699
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-143183
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-11528
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-35797
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-143183
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-11528
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-11528
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-35797 // VULHUB: VHN-143183 // JVNDB: JVNDB-2019-010628 // CNNVD: CNNVD-201910-699 // NVD: CVE-2019-11528

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.0
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-143183 // JVNDB: JVNDB-2019-010628 // NVD: CVE-2019-11528

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-699

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201910-699

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010628

PATCH

title:	uaGate SI	url:	https://data-intelligence.softing.com/us/products/iot-gateways/uagate-si/	Trust: 0.8
title:	Patch for Softing uaGate SI default permission vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/185625	Trust: 0.6
title:	Softing uaGate SI Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99310	Trust: 0.6

sources: CNVD: CNVD-2019-35797 // JVNDB: JVNDB-2019-010628 // CNNVD: CNNVD-201910-699

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11528	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-010628	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-699	Trust: 0.7
db:	CNVD	id:	CNVD-2019-35797	Trust: 0.6
db:	VULHUB	id:	VHN-143183	Trust: 0.1

sources: CNVD: CNVD-2019-35797 // VULHUB: VHN-143183 // JVNDB: JVNDB-2019-010628 // CNNVD: CNNVD-201910-699 // NVD: CVE-2019-11528

REFERENCES

url:	https://security.mioso.com/cve-2019-11528-en.html	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11528	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11528	Trust: 0.8

sources: CNVD: CNVD-2019-35797 // VULHUB: VHN-143183 // JVNDB: JVNDB-2019-010628 // CNNVD: CNNVD-201910-699 // NVD: CVE-2019-11528

SOURCES

db:	CNVD	id:	CNVD-2019-35797
db:	VULHUB	id:	VHN-143183
db:	JVNDB	id:	JVNDB-2019-010628
db:	CNNVD	id:	CNNVD-201910-699
db:	NVD	id:	CVE-2019-11528

LAST UPDATE DATE

2024-11-23T21:59:39.060000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-35797	date:	2019-10-18T00:00:00
db:	VULHUB	id:	VHN-143183	date:	2019-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-010628	date:	2019-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201910-699	date:	2019-10-24T00:00:00
db:	NVD	id:	CVE-2019-11528	date:	2024-11-21T04:21:17.097

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-35797	date:	2019-10-18T00:00:00
db:	VULHUB	id:	VHN-143183	date:	2019-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-010628	date:	2019-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201910-699	date:	2019-10-10T00:00:00
db:	NVD	id:	CVE-2019-11528	date:	2019-10-10T20:15:11.083