GHSA-jpvr-c9fc-2r4h

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS4: 7.1

CVSS3: 7.1

Описание

A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), VSTAR (All versions). By sending specially crafted DHCP packets to a device, an attacker may be able to affect availability and integrity of the device. Adjacent network access, but no authentication and no user interaction is needed to conduct this attack. At the time of advisory publication no public exploitation of this security vulnerability was known.

Ссылки

EPSS

Процентиль: 57%

0.00345

Низкий

7.1 High

CVSS4

7.1 High

CVSS3

CVE ID

CVE-2019-13939

Дефекты

CWE-20

Связанные уязвимости

CVE-2019-13939

CVSS3: 7.1

nvd

около 6 лет назад

A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Desigo PXC00-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC100-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC12-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC50-E.D (All

BDU:2020-00031

CVSS3: 7.1

fstec

около 6 лет назад

Уязвимость операционной системы Nucleus компании Mentor, связанная с недостаточной проверкой пакетов DHCP, позволяющая нарушителю оказать воздействие на доступность и целостность защищаемой информации

EPSS

Процентиль: 57%

0.00345

Низкий

7.1 High

CVSS4

7.1 High

CVSS3

CVE ID

CVE-2019-13939

Дефекты

CWE-20