cvelistv5 - cve-2019-8960

CVE-2019-8960 (GCVE-0-2019-8960)

Vulnerability from cvelistv5 – Published: 2020-04-21 14:20 – Updated: 2024-08-04 21:31

Summary

A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.

Severity ?

No CVSS data available.

CWE

Assigner

flexera

References

URL

Tags

https://community.flexera.com/t5/FlexNet-Publishe…

x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-21T14:20:52",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2019-8960",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message",
              "refsource": "CONFIRM",
              "url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2019-8960",
    "datePublished": "2020-04-21T14:20:52",
    "dateReserved": "2019-02-20T00:00:00",
    "dateUpdated": "2024-08-04T21:31:37.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:flexera:flexnet_publisher:11.16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95A119D7-F1C2-4F65-925F-CF0EF44B58CB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad de Denegaci\\u00f3n de Servicio relacionada con el manejo de comandos en lmadmin.exe de FlexNet Publisher versi\\u00f3n 11.16.2. La funci\\u00f3n de lectura de mensajes usada en el archivo lmadmin.exe puede, al recibir un determinado mensaje, llamarse as\\u00ed misma y luego esperar un nuevo mensaje. Con un flag particular establecido en el mensaje original, pero sin recibir un segundo mensaje, la funci\\u00f3n retorna eventualmente un valor inesperado que conlleva a que una excepci\\u00f3n sea arrojada. El resultado final puede ser una finalizaci\\u00f3n del proceso.\"}]",
      "id": "CVE-2019-8960",
      "lastModified": "2024-11-21T04:50:44.377",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-04-21T15:15:14.397",
      "references": "[{\"url\": \"https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-754\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-8960\",\"sourceIdentifier\":\"PSIRT-CNA@flexerasoftware.com\",\"published\":\"2020-04-21T15:15:14.397\",\"lastModified\":\"2024-11-21T04:50:44.377\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad de Denegaci\u00f3n de Servicio relacionada con el manejo de comandos en lmadmin.exe de FlexNet Publisher versi\u00f3n 11.16.2. La funci\u00f3n de lectura de mensajes usada en el archivo lmadmin.exe puede, al recibir un determinado mensaje, llamarse as\u00ed misma y luego esperar un nuevo mensaje. Con un flag particular establecido en el mensaje original, pero sin recibir un segundo mensaje, la funci\u00f3n retorna eventualmente un valor inesperado que conlleva a que una excepci\u00f3n sea arrojada. El resultado final puede ser una finalizaci\u00f3n del proceso.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flexera:flexnet_publisher:11.16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95A119D7-F1C2-4F65-925F-CF0EF44B58CB\"}]}]}],\"references\":[{\"url\":\"https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2019-8960

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-8960

Aliases

CVE-2019-8960

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-8960",
    "description": "A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.",
    "id": "GSD-2019-8960"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-8960"
      ],
      "details": "A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.",
      "id": "GSD-2019-8960",
      "modified": "2023-12-13T01:23:48.334336Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
        "ID": "CVE-2019-8960",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message",
            "refsource": "CONFIRM",
            "url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:flexera:flexnet_publisher:11.16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2019-8960"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-754"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-04-28T19:42Z",
      "publishedDate": "2020-04-21T15:15Z"
    }
  }
}

GHSA-J42P-4M2G-2GC3

Vulnerability from github – Published: 2022-05-24 17:15 – Updated: 2022-05-24 17:15

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-8960"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-21T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.",
  "id": "GHSA-j42p-4m2g-2gc3",
  "modified": "2022-05-24T17:15:54Z",
  "published": "2022-05-24T17:15:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8960"
    },
    {
      "type": "WEB",
      "url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2020-AVI-446

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Schneider Electric Software Update (SESU) versions antérieures à V2.5.0
Schneider Electric Floating License Manager versions antérieures à V2.5.0.0

SESU est notamment utilisé dans :

EcoStruxure Augmented Operator Advisor
EcoStruxure Control Expert (anciennement Unity Pro)
EcoStruxure Hybrid Distributed Control System (DCS)
EcoStruxure Machine Expert (anciennement SoMachine)
EcoStruxure Machine Expert Basic
EcoStruxure Operator Terminal Expert
Eurotherm Data Reviewer
Eurotherm iTools
eXLhoist Configuration Software
Schneider Electric Floating License Manager
Schneider Electric License Manager
Harmony XB5SSoft
SoMachine Motion
SoMove
Versatile Software BLUE
Vijeo Designer
OsiSense XX Configuration Software
Zelio Soft 2

Schneider Electric Floating License Manager est utilisé dans :

EcoStruxure Control Expert (avec licence flottante)
EcoStruxure Control Expert - Asset Link (avec licence flottante)
EcoStruxure Hybrid Distributed Control System (DCS) (anciennement PlantStruxure PES)
EcoStruxure Machine Expert (anciennement SoMachine) (avec licence flottante)
EcoStruxure Machine Expert – Safety (avec licence flottante)
Facility Expert Online
EcoStruxure Power Monitoring Expert
EcoStruxure Power SCADA Operation (anciennement PowerSCADA Expert et PowerLogic SCADA)
SoMachine Motion (avec licence flottante)

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2020-196-02 du 10 juillet 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-196-01 du 10 juillet 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eSchneider Electric Software Update (SESU) versions ant\u00e9rieures \u00e0 V2.5.0\u003c/li\u003e \u003cli\u003eSchneider Electric Floating License Manager versions ant\u00e9rieures \u00e0 V2.5.0.0\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e\u0026nbsp;\u003c/p\u003e \u003cp\u003eSESU est notamment utilis\u00e9 dans :\u003c/p\u003e \u003cul\u003e \u003cli\u003eEcoStruxure Augmented Operator Advisor\u003c/li\u003e \u003cli\u003eEcoStruxure Control Expert (anciennement Unity Pro)\u003c/li\u003e \u003cli\u003eEcoStruxure Hybrid Distributed Control System (DCS)\u003c/li\u003e \u003cli\u003eEcoStruxure Machine Expert (anciennement SoMachine)\u003c/li\u003e \u003cli\u003eEcoStruxure Machine Expert Basic\u003c/li\u003e \u003cli\u003eEcoStruxure Operator Terminal Expert\u003c/li\u003e \u003cli\u003eEurotherm Data Reviewer\u003c/li\u003e \u003cli\u003eEurotherm iTools\u003c/li\u003e \u003cli\u003eeXLhoist Configuration Software\u003c/li\u003e \u003cli\u003eSchneider Electric Floating License Manager\u003c/li\u003e \u003cli\u003eSchneider Electric License Manager\u003c/li\u003e \u003cli\u003eHarmony XB5SSoft\u003c/li\u003e \u003cli\u003eSoMachine Motion\u003c/li\u003e \u003cli\u003eSoMove\u003c/li\u003e \u003cli\u003eVersatile Software BLUE\u003c/li\u003e \u003cli\u003eVijeo Designer\u003c/li\u003e \u003cli\u003eOsiSense XX Configuration Software\u003c/li\u003e \u003cli\u003eZelio Soft 2\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSchneider Electric Floating License Manager est utilis\u00e9 dans :\u003c/p\u003e \u003cul\u003e \u003cli\u003eEcoStruxure Control Expert (avec licence flottante)\u003c/li\u003e \u003cli\u003eEcoStruxure Control Expert - Asset Link (avec licence flottante)\u003c/li\u003e \u003cli\u003eEcoStruxure Hybrid Distributed Control System (DCS) (anciennement PlantStruxure PES)\u003c/li\u003e \u003cli\u003eEcoStruxure Machine Expert (anciennement SoMachine) (avec licence flottante)\u003c/li\u003e \u003cli\u003eEcoStruxure Machine Expert \u2013 Safety (avec licence flottante)\u003c/li\u003e \u003cli\u003eFacility Expert Online\u003c/li\u003e \u003cli\u003eEcoStruxure Power Monitoring Expert\u003c/li\u003e \u003cli\u003eEcoStruxure Power SCADA Operation (anciennement PowerSCADA Expert et PowerLogic SCADA)\u003c/li\u003e \u003cli\u003eSoMachine Motion (avec licence flottante)\u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-8960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8960"
    },
    {
      "name": "CVE-2019-8961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8961"
    },
    {
      "name": "CVE-2020-7520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7520"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-446",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-07-17T00:00:00.000000"
    },
    {
      "description": "Correction de l\u0027ann\u00e9e des cves CVE-2019-8960 et CVE-2019-8961",
      "revision_date": "2020-07-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-196-02 du 10 juillet 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-196-02/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-196-01 du 10 juillet 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-196-01/"
    }
  ]
}

CERTFR-2020-AVI-446

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Schneider Electric Software Update (SESU) versions antérieures à V2.5.0
Schneider Electric Floating License Manager versions antérieures à V2.5.0.0

SESU est notamment utilisé dans :

EcoStruxure Augmented Operator Advisor
EcoStruxure Control Expert (anciennement Unity Pro)
EcoStruxure Hybrid Distributed Control System (DCS)
EcoStruxure Machine Expert (anciennement SoMachine)
EcoStruxure Machine Expert Basic
EcoStruxure Operator Terminal Expert
Eurotherm Data Reviewer
Eurotherm iTools
eXLhoist Configuration Software
Schneider Electric Floating License Manager
Schneider Electric License Manager
Harmony XB5SSoft
SoMachine Motion
SoMove
Versatile Software BLUE
Vijeo Designer
OsiSense XX Configuration Software
Zelio Soft 2

Schneider Electric Floating License Manager est utilisé dans :

EcoStruxure Control Expert (avec licence flottante)
EcoStruxure Control Expert - Asset Link (avec licence flottante)
EcoStruxure Hybrid Distributed Control System (DCS) (anciennement PlantStruxure PES)
EcoStruxure Machine Expert (anciennement SoMachine) (avec licence flottante)
EcoStruxure Machine Expert – Safety (avec licence flottante)
Facility Expert Online
EcoStruxure Power Monitoring Expert
EcoStruxure Power SCADA Operation (anciennement PowerSCADA Expert et PowerLogic SCADA)
SoMachine Motion (avec licence flottante)

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2020-196-02 du 10 juillet 2020	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2020-196-01 du 10 juillet 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eSchneider Electric Software Update (SESU) versions ant\u00e9rieures \u00e0 V2.5.0\u003c/li\u003e \u003cli\u003eSchneider Electric Floating License Manager versions ant\u00e9rieures \u00e0 V2.5.0.0\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e\u0026nbsp;\u003c/p\u003e \u003cp\u003eSESU est notamment utilis\u00e9 dans :\u003c/p\u003e \u003cul\u003e \u003cli\u003eEcoStruxure Augmented Operator Advisor\u003c/li\u003e \u003cli\u003eEcoStruxure Control Expert (anciennement Unity Pro)\u003c/li\u003e \u003cli\u003eEcoStruxure Hybrid Distributed Control System (DCS)\u003c/li\u003e \u003cli\u003eEcoStruxure Machine Expert (anciennement SoMachine)\u003c/li\u003e \u003cli\u003eEcoStruxure Machine Expert Basic\u003c/li\u003e \u003cli\u003eEcoStruxure Operator Terminal Expert\u003c/li\u003e \u003cli\u003eEurotherm Data Reviewer\u003c/li\u003e \u003cli\u003eEurotherm iTools\u003c/li\u003e \u003cli\u003eeXLhoist Configuration Software\u003c/li\u003e \u003cli\u003eSchneider Electric Floating License Manager\u003c/li\u003e \u003cli\u003eSchneider Electric License Manager\u003c/li\u003e \u003cli\u003eHarmony XB5SSoft\u003c/li\u003e \u003cli\u003eSoMachine Motion\u003c/li\u003e \u003cli\u003eSoMove\u003c/li\u003e \u003cli\u003eVersatile Software BLUE\u003c/li\u003e \u003cli\u003eVijeo Designer\u003c/li\u003e \u003cli\u003eOsiSense XX Configuration Software\u003c/li\u003e \u003cli\u003eZelio Soft 2\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSchneider Electric Floating License Manager est utilis\u00e9 dans :\u003c/p\u003e \u003cul\u003e \u003cli\u003eEcoStruxure Control Expert (avec licence flottante)\u003c/li\u003e \u003cli\u003eEcoStruxure Control Expert - Asset Link (avec licence flottante)\u003c/li\u003e \u003cli\u003eEcoStruxure Hybrid Distributed Control System (DCS) (anciennement PlantStruxure PES)\u003c/li\u003e \u003cli\u003eEcoStruxure Machine Expert (anciennement SoMachine) (avec licence flottante)\u003c/li\u003e \u003cli\u003eEcoStruxure Machine Expert \u2013 Safety (avec licence flottante)\u003c/li\u003e \u003cli\u003eFacility Expert Online\u003c/li\u003e \u003cli\u003eEcoStruxure Power Monitoring Expert\u003c/li\u003e \u003cli\u003eEcoStruxure Power SCADA Operation (anciennement PowerSCADA Expert et PowerLogic SCADA)\u003c/li\u003e \u003cli\u003eSoMachine Motion (avec licence flottante)\u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-8960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8960"
    },
    {
      "name": "CVE-2019-8961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8961"
    },
    {
      "name": "CVE-2020-7520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7520"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-446",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-07-17T00:00:00.000000"
    },
    {
      "description": "Correction de l\u0027ann\u00e9e des cves CVE-2019-8960 et CVE-2019-8961",
      "revision_date": "2020-07-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-196-02 du 10 juillet 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-196-02/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-196-01 du 10 juillet 2020",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2020-196-01/"
    }
  ]
}

CNVD-2020-33246

Vulnerability from cnvd - Published: 2020-06-15

Title

Flexera Software FlexNet Publisher拒绝服务漏洞

Description

Flexera Software FlexNet Publisher（FLEXlm）是美国Flexera Software公司的一款授权关系管理解决方案（Entitlement Relationship Management Solution）中的软件授权管理核心组件。该产品可为软件与硬件生产商提供定价、打包和定制软件授权期限。 Flexera Software FlexNet Publisher lmadmin.exe 11.16.2版本中存在拒绝服务漏洞。攻击者可利用该漏洞终止进程。

Severity

中

Patch Name

Flexera Software FlexNet Publisher拒绝服务漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-8960

Impacted products

Name
Flexera Software FlexNet Publisher lmadmin.exe 11.16.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-8960"
    }
  },
  "description": "Flexera Software FlexNet Publisher\uff08FLEXlm\uff09\u662f\u7f8e\u56fdFlexera Software\u516c\u53f8\u7684\u4e00\u6b3e\u6388\u6743\u5173\u7cfb\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff08Entitlement Relationship Management Solution\uff09\u4e2d\u7684\u8f6f\u4ef6\u6388\u6743\u7ba1\u7406\u6838\u5fc3\u7ec4\u4ef6\u3002\u8be5\u4ea7\u54c1\u53ef\u4e3a\u8f6f\u4ef6\u4e0e\u786c\u4ef6\u751f\u4ea7\u5546\u63d0\u4f9b\u5b9a\u4ef7\u3001\u6253\u5305\u548c\u5b9a\u5236\u8f6f\u4ef6\u6388\u6743\u671f\u9650\u3002\n\nFlexera Software FlexNet Publisher lmadmin.exe 11.16.2\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ec8\u6b62\u8fdb\u7a0b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-33246",
  "openTime": "2020-06-15",
  "patchDescription": "Flexera Software FlexNet Publisher\uff08FLEXlm\uff09\u662f\u7f8e\u56fdFlexera Software\u516c\u53f8\u7684\u4e00\u6b3e\u6388\u6743\u5173\u7cfb\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff08Entitlement Relationship Management Solution\uff09\u4e2d\u7684\u8f6f\u4ef6\u6388\u6743\u7ba1\u7406\u6838\u5fc3\u7ec4\u4ef6\u3002\u8be5\u4ea7\u54c1\u53ef\u4e3a\u8f6f\u4ef6\u4e0e\u786c\u4ef6\u751f\u4ea7\u5546\u63d0\u4f9b\u5b9a\u4ef7\u3001\u6253\u5305\u548c\u5b9a\u5236\u8f6f\u4ef6\u6388\u6743\u671f\u9650\u3002\r\n\r\nFlexera Software FlexNet Publisher lmadmin.exe 11.16.2\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ec8\u6b62\u8fdb\u7a0b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Flexera Software FlexNet Publisher\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Flexera Software FlexNet Publisher lmadmin.exe 11.16.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-8960",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-22",
  "title": "Flexera Software FlexNet Publisher\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2019-8960

Vulnerability from fkie_nvd - Published: 2020-04-21 15:15 - Updated: 2024-11-21 04:50

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	PSIRT-CNA@flexerasoftware.com	https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message	Vendor Advisory

Impacted products

	Vendor	Product	Version
	flexera	flexnet_publisher	11.16.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:flexera:flexnet_publisher:11.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95A119D7-F1C2-4F65-925F-CF0EF44B58CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad de Denegaci\u00f3n de Servicio relacionada con el manejo de comandos en lmadmin.exe de FlexNet Publisher versi\u00f3n 11.16.2. La funci\u00f3n de lectura de mensajes usada en el archivo lmadmin.exe puede, al recibir un determinado mensaje, llamarse as\u00ed misma y luego esperar un nuevo mensaje. Con un flag particular establecido en el mensaje original, pero sin recibir un segundo mensaje, la funci\u00f3n retorna eventualmente un valor inesperado que conlleva a que una excepci\u00f3n sea arrojada. El resultado final puede ser una finalizaci\u00f3n del proceso."
    }
  ],
  "id": "CVE-2019-8960",
  "lastModified": "2024-11-21T04:50:44.377",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-21T15:15:14.397",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-8960 (GCVE-0-2019-8960)

GSD-2019-8960

GHSA-J42P-4M2G-2GC3

CERTFR-2020-AVI-446

Solution

CERTFR-2020-AVI-446

Solution

CNVD-2020-33246

FKIE_CVE-2019-8960

Tags

Sightings

Nomenclature