Sign-up

ID

VAR-202001-0751


CVE

CVE-2019-13524


TITLE

plural  GE PACSystems RX3i  Input validation vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-014255

DESCRIPTION

GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode. plural GE PACSystems RX3i The product contains an input validation vulnerability.Denial of service (DoS) May be in a state. GE PACSystems is a programmable automation controller product from GE

Trust: 2.25

sources: NVD: CVE-2019-13524 // JVNDB: JVNDB-2019-014255 // CNVD: CNVD-2020-04658 // VULMON: CVE-2019-13524

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-04658

AFFECTED PRODUCTS

vendor:emersonmodel:rx3i cpe400scope:ltversion:r9.90

Trust: 1.0

vendor:emersonmodel:rx3i cpe305scope:ltversion:r9.90

Trust: 1.0

vendor:emersonmodel:rx3i cpe115scope:ltversion:r9.85

Trust: 1.0

vendor:emersonmodel:rx3i cpl410scope:ltversion:r9.90

Trust: 1.0

vendor:emersonmodel:rx3i cpe330scope:ltversion:r9.90

Trust: 1.0

vendor:emersonmodel:rx3i cru320scope:eqversion:*

Trust: 1.0

vendor:emersonmodel:rx3i cpe302scope:ltversion:r9.90

Trust: 1.0

vendor:emersonmodel:rx3i cpe100scope:ltversion:r9.85

Trust: 1.0

vendor:emersonmodel:rx3i cpe310scope:ltversion:r9.90

Trust: 1.0

vendor:エマソンmodel:rx3i cpe115scope:ltversion:r9.85

Trust: 0.8

vendor:エマソンmodel:rx3i cpe305scope:ltversion:r9.85

Trust: 0.8

vendor:エマソンmodel:rx3i cpe310scope:ltversion:r9.85

Trust: 0.8

vendor:エマソンmodel:rx3i cpe100scope:ltversion:r9.85

Trust: 0.8

vendor:エマソンmodel:rx3i cpe302scope:eqversion: -

Trust: 0.8

vendor:エマソンmodel:rx3i cpe400scope:ltversion:r9.85

Trust: 0.8

vendor:エマソンmodel:rx3i cpe330scope:ltversion:r9.85

Trust: 0.8

vendor:エマソンmodel:rx3i cpe310scope:eqversion: -

Trust: 0.8

vendor:エマソンmodel:rx3i cpe100scope:eqversion: -

Trust: 0.8

vendor:エマソンmodel:rx3i cpl410scope:eqversion: -

Trust: 0.8

vendor:エマソンmodel:rx3i cru320scope:ltversion:r9.85

Trust: 0.8

vendor:エマソンmodel:rx3i cpe302scope:ltversion:r9.85

Trust: 0.8

vendor:エマソンmodel:rx3i cpe305scope:eqversion: -

Trust: 0.8

vendor:エマソンmodel:rx3i cpe400scope:eqversion: -

Trust: 0.8

vendor:エマソンmodel:rx3i cpe330scope:eqversion: -

Trust: 0.8

vendor:エマソンmodel:rx3i cpe115scope:eqversion: -

Trust: 0.8

vendor:エマソンmodel:rx3i cru320scope:eqversion: -

Trust: 0.8

vendor:エマソンmodel:rx3i cpl410scope:ltversion:r9.85

Trust: 0.8

vendor:generalmodel:electric cru320scope: - version: -

Trust: 0.6

vendor:generalmodel:electric cpe302 <r9.90scope:eqversion:410

Trust: 0.6

vendor:generalmodel:electric cpe302 <r9.90scope:eqversion:400

Trust: 0.6

vendor:generalmodel:electric cpe302 <r9.90scope:eqversion:330

Trust: 0.6

vendor:generalmodel:electric cpe302 <r9.90scope:eqversion:310

Trust: 0.6

vendor:generalmodel:electric cpe302 <r9.90scope:eqversion:305

Trust: 0.6

vendor:generalmodel:electric cpe302 <r9.90scope: - version: -

Trust: 0.6

vendor:generalmodel:electric cpe115 <115r9.85scope: - version: -

Trust: 0.6

vendor:generalmodel:electric pacsystems rx3i cpe100 <r9.85scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-04658 // JVNDB: JVNDB-2019-014255 // NVD: CVE-2019-13524

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13524
value: HIGH

Trust: 1.0

NVD: CVE-2019-13524
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-04658
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-539
value: HIGH

Trust: 0.6

VULMON: CVE-2019-13524
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-13524
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-04658
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-13524
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-13524
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-04658 // VULMON: CVE-2019-13524 // JVNDB: JVNDB-2019-014255 // CNNVD: CNNVD-202001-539 // NVD: CVE-2019-13524

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2019-014255 // NVD: CVE-2019-13524

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-539

PATCH

title:Top Pageurl:https://www.emerson.com/en-us

Trust: 0.8

title:Patch for GE PACSystems Input Validation Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/199993

Trust: 0.6

title:Multiple GE Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108526

Trust: 0.6

sources: CNVD: CNVD-2020-04658 // JVNDB: JVNDB-2019-014255 // CNNVD: CNNVD-202001-539

EXTERNAL IDS

db:NVDid:CVE-2019-13524

Trust: 3.1

db:ICS CERTid:ICSA-20-014-01

Trust: 3.1

db:JVNDBid:JVNDB-2019-014255

Trust: 0.8

db:CNVDid:CNVD-2020-04658

Trust: 0.6

db:AUSCERTid:ESB-2020.0156

Trust: 0.6

db:CNNVDid:CNNVD-202001-539

Trust: 0.6

db:VULMONid:CVE-2019-13524

Trust: 0.1

sources: CNVD: CNVD-2020-04658 // VULMON: CVE-2019-13524 // JVNDB: JVNDB-2019-014255 // CNNVD: CNNVD-202001-539 // NVD: CVE-2019-13524

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-014-01

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13524

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.0156/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-04658 // VULMON: CVE-2019-13524 // JVNDB: JVNDB-2019-014255 // CNNVD: CNNVD-202001-539 // NVD: CVE-2019-13524

SOURCES

db:CNVDid:CNVD-2020-04658
db:VULMONid:CVE-2019-13524
db:JVNDBid:JVNDB-2019-014255
db:CNNVDid:CNNVD-202001-539
db:NVDid:CVE-2019-13524

LAST UPDATE DATE

2024-11-23T21:46:08.203000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-04658date:2020-02-11T00:00:00
db:VULMONid:CVE-2019-13524date:2020-01-27T00:00:00
db:JVNDBid:JVNDB-2019-014255date:2020-02-07T00:00:00
db:CNNVDid:CNNVD-202001-539date:2021-01-05T00:00:00
db:NVDid:CVE-2019-13524date:2024-11-21T04:25:04.417

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-04658date:2020-02-11T00:00:00
db:VULMONid:CVE-2019-13524date:2020-01-16T00:00:00
db:JVNDBid:JVNDB-2019-014255date:2020-02-07T00:00:00
db:CNNVDid:CNNVD-202001-539date:2020-01-14T00:00:00
db:NVDid:CVE-2019-13524date:2020-01-16T18:15:11.463