CVE-2019-11536

Опубликовано: 22 мая 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The attack requires network connectivity to the device and exploits the webserver interface, typically through a browser.

Ссылки

https://www.kalkitech.com/cybersecurity/
Vendor Advisory
https://www.kalkitech.com/wp-content/uploads/CYB_19561_Advisory.pdf
Vendor Advisory
https://www.kalkitech.com/cybersecurity/
Vendor Advisory
https://www.kalkitech.com/wp-content/uploads/CYB_19561_Advisory.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:kalkitech:sync3000_firmware:2.22.6:*:*:*:*:*:*:*

cpe:2.3:o:kalkitech:sync3000_firmware:2.23.0:*:*:*:*:*:*:*

cpe:2.3:o:kalkitech:sync3000_firmware:2.24.0:*:*:*:*:*:*:*

cpe:2.3:o:kalkitech:sync3000_firmware:3.0.0:*:*:*:*:*:*:*

cpe:2.3:o:kalkitech:sync3000_firmware:3.1.0:*:*:*:*:*:*:*

cpe:2.3:o:kalkitech:sync3000_firmware:3.1.16:*:*:*:*:*:*:*

cpe:2.3:o:kalkitech:sync3000_firmware:3.2.3:*:*:*:*:*:*:*

cpe:2.3:o:kalkitech:sync3000_firmware:3.2.6:*:*:*:*:*:*:*

cpe:2.3:o:kalkitech:sync3000_firmware:3.5.0:*:*:*:*:*:*:*

cpe:2.3:o:kalkitech:sync3000_firmware:3.6.0:*:*:*:*:*:*:*

cpe:2.3:o:kalkitech:sync3000_firmware:3.6.1:*:*:*:*:*:*:*

cpe:2.3:h:kalkitech:sync3000:-:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00385

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-9hwm-38q8-6jgf

github

больше 3 лет назад