VAR-201902-0131
Vulnerability from variot - Updated: 2023-12-18 13:02AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine. InduSoft Web Studio and InTouch Edge HMI Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AVEVA Group plc InduSoft Web Studio is a set of industrial configuration software from UK's AVEVA Group plc. An attacker could use this vulnerability to execute code. Attackers can exploit these issues to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0131",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.6,
"vendor": "indusoft web studio",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 1.6,
"vendor": "indusoft web studio",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "indusoft web studio",
"version": "8.1"
},
{
"model": "indusoft web studio",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "8.0"
},
{
"model": "indusoft web studio",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "6.1"
},
{
"model": "intouch machine edition 2014",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "r2"
},
{
"model": "indusoft web studio",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "8.1"
},
{
"model": "indusoft web studio",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "7.1"
},
{
"model": "indusoft web studio",
"scope": "lt",
"trust": 0.8,
"vendor": "aveva",
"version": "8.1 sp3"
},
{
"model": "intouch machine edition 2017",
"scope": "lt",
"trust": 0.8,
"vendor": "aveva",
"version": "2017 update"
},
{
"model": "group plc indusoft web studio||intouch edge hmi update",
"scope": "lt",
"trust": 0.6,
"vendor": "aveva",
"version": "2017"
},
{
"model": "group plc indusoft web studio||intouch edge hmi sp3",
"scope": "lt",
"trust": 0.6,
"vendor": "aveva",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "indusoft web studio",
"version": "6.1"
},
{
"model": "intouch edge hmi",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2017"
},
{
"model": "indusoft web studio sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "8.1"
},
{
"model": "indusoft web studio sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "8.1"
},
{
"model": "indusoft web studio",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "8.1"
},
{
"model": "indusoft web studio sp2 patch",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "8.01"
},
{
"model": "indusoft web studio sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "8.0"
},
{
"model": "indusoft web studio patch",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.1.3.55"
},
{
"model": "indusoft web studio sp patch",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.1.3.434"
},
{
"model": "indusoft web studio",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.1.3.4"
},
{
"model": "indusoft web studio",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.1.3.2"
},
{
"model": "indusoft web studio sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "8.1"
},
{
"model": "r2",
"scope": null,
"trust": 0.2,
"vendor": "intouch machine edition 2014",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"db": "BID",
"id": "107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "NVD",
"id": "CVE-2019-6543"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:sp1_p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp1_p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp2_p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:6.1:sp6_p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:6.1:sp5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:intouch_machine_edition_2014:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6543"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenable Research",
"sources": [
{
"db": "BID",
"id": "107144"
}
],
"trust": 0.3
},
"cve": "CVE-2019-6543",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-6543",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-43391",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "25e4174a-daae-4de2-adde-0568bfec05b2",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6543",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6543",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-43391",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-531",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-6543",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"db": "VULMON",
"id": "CVE-2019-6543"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "NVD",
"id": "CVE-2019-6543"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-531"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine. InduSoft Web Studio and InTouch Edge HMI Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AVEVA Group plc InduSoft Web Studio is a set of industrial configuration software from UK\u0027s AVEVA Group plc. An attacker could use this vulnerability to execute code. \nAttackers can exploit these issues to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6543"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"db": "BID",
"id": "107144"
},
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "VULMON",
"id": "CVE-2019-6543"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6543",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-036-01",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "46342",
"trust": 2.0
},
{
"db": "TENABLE",
"id": "TRA-2019-04",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2019-43391",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-531",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0344",
"trust": 0.6
},
{
"db": "BID",
"id": "107144",
"trust": 0.3
},
{
"db": "IVD",
"id": "25E4174A-DAAE-4DE2-ADDE-0568BFEC05B2",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "151602",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6543",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"db": "VULMON",
"id": "CVE-2019-6543"
},
{
"db": "BID",
"id": "107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "NVD",
"id": "CVE-2019-6543"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-531"
}
]
},
"id": "VAR-201902-0131",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "CNVD",
"id": "CNVD-2019-43391"
}
],
"trust": 1.5524224666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "CNVD",
"id": "CNVD-2019-43391"
}
]
},
"last_update_date": "2023-12-18T13:02:21.298000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AVEVA Security Bulletin LFSEC00000133",
"trust": 0.8,
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/securitybulletin_lfsec133.pdf?hslang=en"
},
{
"title": "Patch for AVEVA Group plc InduSoft Web Studio and InTouch Edge HMI have unknown vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/192861"
},
{
"title": "AVEVA Group plc InduSoft Web Studio and InTouch Edge HMI Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89342"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-531"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "NVD",
"id": "CVE-2019-6543"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-036-01"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/research/tra-2019-04"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/46342/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6543"
},
{
"trust": 0.9,
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/securitybulletin_lfsec133.pdf?hslang=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6543"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75070"
},
{
"trust": 0.3,
"url": "http://www.indusoft.com/products-downloads"
},
{
"trust": 0.3,
"url": "https://industrial-software.com/training-support/downloads-by-product/intouch-machine-edition"
},
{
"trust": 0.3,
"url": "https://www.exploit-db.com/exploits/46342"
},
{
"trust": 0.3,
"url": "http://www.indusoft.com/indusoftart.php?catid=1\u0026name=iws/webstudio"
},
{
"trust": 0.3,
"url": "http://www.indusoft.com/products-downloads/download-library/current-release-notes"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/151602/indusoft-web-studio-8.1-sp2-remote-code-execution.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"db": "VULMON",
"id": "CVE-2019-6543"
},
{
"db": "BID",
"id": "107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "NVD",
"id": "CVE-2019-6543"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-531"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"db": "VULMON",
"id": "CVE-2019-6543"
},
{
"db": "BID",
"id": "107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "NVD",
"id": "CVE-2019-6543"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-531"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-03T00:00:00",
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"date": "2019-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"date": "2019-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6543"
},
{
"date": "2019-02-05T00:00:00",
"db": "BID",
"id": "107144"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"date": "2019-02-13T01:29:00.333000",
"db": "NVD",
"id": "CVE-2019-6543"
},
{
"date": "2019-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-531"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6543"
},
{
"date": "2019-02-05T00:00:00",
"db": "BID",
"id": "107144"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"date": "2022-11-30T22:23:06.767000",
"db": "NVD",
"id": "CVE-2019-6543"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-531"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-531"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "InduSoft Web Studio and InTouch Edge HMI Vulnerabilities related to lack of authentication for critical functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-531"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…