7.8
CVE-2019-13524
- EPSS 0.4%
- Published 16.01.2020 18:15:11
- Last modified 21.11.2024 04:25:04
- Source ics-cert@hq.dhs.gov
- Teams watchlist Login
- Open Login
GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.
Data is provided by the National Vulnerability Database (NVD)
Emerson ≫ Rx3i Cpe100 Firmware Version < r9.85
Emerson ≫ Rx3i Cpe115 Firmware Version < r9.85
Emerson ≫ Rx3i Cpe302 Firmware Version < r9.90
Emerson ≫ Rx3i Cpe305 Firmware Version < r9.90
Emerson ≫ Rx3i Cpe310 Firmware Version < r9.90
Emerson ≫ Rx3i Cpe330 Firmware Version < r9.90
Emerson ≫ Rx3i Cpe400 Firmware Version < r9.90
Emerson ≫ Rx3i Cpl410 Firmware Version < r9.90
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.6 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.