CVE-2019-13537

Опубликовано: 14 янв. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash.

Ссылки

https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec139.pdf
Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-290-01
Third Party Advisory
US Government Resource
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec139.pdf
Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-290-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:aveva:iec870ip_firmware:*:*:*:*:*:*:*:*

Версия до 4.14.02 (включая)

cpe:2.3:h:aveva:iec870ip:-:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00529

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-121

CWE-787

Связанные уязвимости

GHSA-hpw3-432w-cv6v

github

больше 3 лет назад

The IEC870IP driver for AVEVA�s Vijeo Citect and Citect SCADA and Schneider Electric�s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash.