Sign-up

ID

VAR-202004-2183


CVE

CVE-2019-19107


TITLE

ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway Vulnerability regarding inadequate protection of credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015486

DESCRIPTION

The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed). ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway Exists in an inadequate protection of credentials.Information may be obtained. The vulnerability stems from the lack of effective permission permissions and access control measures for network systems or products. There is currently no detailed vulnerability details provided

Trust: 2.52

sources: NVD: CVE-2019-19107 // JVNDB: JVNDB-2019-015486 // CNVD: CNVD-2020-25011 // IVD: 0aea00b5-3f85-4575-9252-32cb4af7e1a3 // IVD: a392a7c6-ce4b-4bc6-9c3c-e6303b000d06

IOT TAXONOMY

category:['IoT', 'ICS']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.4

sources: IVD: 0aea00b5-3f85-4575-9252-32cb4af7e1a3 // IVD: a392a7c6-ce4b-4bc6-9c3c-e6303b000d06 // CNVD: CNVD-2020-25011

AFFECTED PRODUCTS

vendor:abbmodel:tg\/s3.2scope:eqversion: -

Trust: 1.0

vendor:busch jaegermodel:6186\/11scope:eqversion: -

Trust: 1.0

vendor:abbmodel:tg/s 3.2scope: - version: -

Trust: 0.8

vendor:busch jaeger elektromodel:6186/11scope: - version: -

Trust: 0.8

vendor:abbmodel:busch-jaeger telefon-gatewayscope:eqversion:6186/11

Trust: 0.6

vendor:abbmodel:telephone gateway tg/sscope:eqversion:3.2

Trust: 0.6

vendor:tg s3 2model: - scope:eqversion: -

Trust: 0.4

vendor:6186 11model: - scope:eqversion: -

Trust: 0.4

sources: IVD: 0aea00b5-3f85-4575-9252-32cb4af7e1a3 // IVD: a392a7c6-ce4b-4bc6-9c3c-e6303b000d06 // CNVD: CNVD-2020-25011 // JVNDB: JVNDB-2019-015486 // NVD: CVE-2019-19107

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19107
value: MEDIUM

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-19107
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015486
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-25011
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1903
value: MEDIUM

Trust: 0.6

IVD: 0aea00b5-3f85-4575-9252-32cb4af7e1a3
value: MEDIUM

Trust: 0.2

IVD: a392a7c6-ce4b-4bc6-9c3c-e6303b000d06
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2019-19107
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015486
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-25011
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 0aea00b5-3f85-4575-9252-32cb4af7e1a3
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: a392a7c6-ce4b-4bc6-9c3c-e6303b000d06
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-19107
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2019-19107
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015486
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 0aea00b5-3f85-4575-9252-32cb4af7e1a3 // IVD: a392a7c6-ce4b-4bc6-9c3c-e6303b000d06 // CNVD: CNVD-2020-25011 // JVNDB: JVNDB-2019-015486 // CNNVD: CNNVD-202004-1903 // NVD: CVE-2019-19107 // NVD: CVE-2019-19107

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

problemtype:CWE-264

Trust: 1.0

problemtype:CWE-522

Trust: 0.8

sources: JVNDB: JVNDB-2019-015486 // NVD: CVE-2019-19107

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1903

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202004-1903

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015486

PATCH
title:Top Pageurl:https://www.busch-jaeger.de/
Trust: 0.8
title:ABBVU-EPBP-R-6530url:https://search.abb.com/library/Download.aspx?DocumentID=9AKK107680A3921&LanguageCode=en&DocumentPartId=&Action=Launch
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-015486

EXTERNAL IDS
db:NVDid:CVE-2019-19107
Trust: 3.4
db:CNVDid:CNVD-2020-25011
Trust: 1.0
db:CNNVDid:CNNVD-202004-1903
Trust: 1.0
db:JVNDBid:JVNDB-2019-015486
Trust: 0.8
db:IVDid:0AEA00B5-3F85-4575-9252-32CB4AF7E1A3
Trust: 0.2
db:IVDid:A392A7C6-CE4B-4BC6-9C3C-E6303B000D06
Trust: 0.2
sources:
            
            
            IVD: 0aea00b5-3f85-4575-9252-32cb4af7e1a3 // 
            
            
            
            IVD: a392a7c6-ce4b-4bc6-9c3c-e6303b000d06 // 
            
            
            
            CNVD: CNVD-2020-25011 // 
            
            
            
            JVNDB: JVNDB-2019-015486 // 
            
            
            
            CNNVD: CNNVD-202004-1903 // 
            
            
            
            NVD: CVE-2019-19107

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-19107
Trust: 2.0
url:https://search.abb.com/library/download.aspx?documentid=9akk107680a3921&languagecode=en&documentpartid=&action=launch
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19107
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-25011 // 
            
            
            
            JVNDB: JVNDB-2019-015486 // 
            
            
            
            CNNVD: CNNVD-202004-1903 // 
            
            
            
            NVD: CVE-2019-19107

SOURCES
db:IVDid:0aea00b5-3f85-4575-9252-32cb4af7e1a3
db:IVDid:a392a7c6-ce4b-4bc6-9c3c-e6303b000d06
db:CNVDid:CNVD-2020-25011
db:JVNDBid:JVNDB-2019-015486
db:CNNVDid:CNNVD-202004-1903
db:NVDid:CVE-2019-19107

LAST UPDATE DATE
2024-11-23T22:44:35.619000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-25011date:2020-04-26T00:00:00
db:JVNDBid:JVNDB-2019-015486date:2020-05-27T00:00:00
db:CNNVDid:CNNVD-202004-1903date:2021-11-04T00:00:00
db:NVDid:CVE-2019-19107date:2024-11-21T04:34:12.637

SOURCES RELEASE DATE
db:IVDid:0aea00b5-3f85-4575-9252-32cb4af7e1a3date:2020-04-22T00:00:00
db:IVDid:a392a7c6-ce4b-4bc6-9c3c-e6303b000d06date:2020-04-22T00:00:00
db:CNVDid:CNVD-2020-25011date:2020-04-26T00:00:00
db:JVNDBid:JVNDB-2019-015486date:2020-05-27T00:00:00
db:CNNVDid:CNNVD-202004-1903date:2020-04-22T00:00:00
db:NVDid:CVE-2019-19107date:2020-04-22T15:15:14.160