cvelistv5 - CVE-2019-7256

CVE-2019-7256 (GCVE-0-2019-7256)

Vulnerability from cvelistv5

Published

2019-07-02 00:00

Modified

2025-10-21 23:45

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

Linear eMerge E3-Series devices allow Command Injections.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2024-03-25

Due date: 2024-04-15

Required action: Contact the vendor for guidance on remediating firmware, per their advisory.

Used in ransomware: Unknown

Notes: https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf, https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01; https://nvd.nist.gov/vuln/detail/CVE-2019-7256

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:1.00-06:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linear_emerge_essential_firmware",
            "vendor": "nortekcontrol",
            "versions": [
              {
                "status": "affected",
                "version": "1.00-06"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:1.00-06:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linear_emerge_elite_firmware",
            "vendor": "nortekcontrol",
            "versions": [
              {
                "status": "affected",
                "version": "1.00-06"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-7256",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-27T04:00:11.102367Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-03-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7256"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:45:34.488Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7256"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-03-25T00:00:00+00:00",
            "value": "CVE-2019-7256 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:46:45.713Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Linear eMerge E3-Series devices allow Command Injections."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-05T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://applied-risk.com/labs/advisories"
        },
        {
          "url": "https://www.applied-risk.com/resources/ar-2019-005"
        },
        {
          "url": "http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-7256",
    "datePublished": "2019-07-02T00:00:00.000Z",
    "dateReserved": "2019-01-31T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:45:34.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2019-7256",
      "cwes": "[\"CWE-78\"]",
      "dateAdded": "2024-03-25",
      "dueDate": "2024-04-15",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf, https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01; https://nvd.nist.gov/vuln/detail/CVE-2019-7256",
      "product": "Linear eMerge E3-Series",
      "requiredAction": "Contact the vendor for guidance on remediating firmware, per their advisory.",
      "shortDescription": "Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution.",
      "vendorProject": "Nice",
      "vulnerabilityName": "Nice Linear eMerge E3-Series OS Command Injection Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-7256\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-07-02T19:15:11.147\",\"lastModified\":\"2025-10-22T00:16:45.720\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Linear eMerge E3-Series devices allow Command Injections.\"},{\"lang\":\"es\",\"value\":\"Los dispositivos Linear eMerge E3-Series permiten Inyecciones de Comando.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2024-03-25\",\"cisaActionDue\":\"2024-04-15\",\"cisaRequiredAction\":\"Contact the vendor for guidance on remediating firmware, per their advisory.\",\"cisaVulnerabilityName\":\"Nice Linear eMerge E3-Series OS Command Injection Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.00-06\",\"matchCriteriaId\":\"6732033A-E740-473B-9929-5D3267E938A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92DB5201-9021-4302-B484-D846439BBC96\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.00-06\",\"matchCriteriaId\":\"CDD3F346-1C4C-4EA6-9696-7BCF3C169224\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3465CA75-36C8-49E6-98BD-FFCE518E5399\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://applied-risk.com/labs/advisories\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.applied-risk.com/resources/ar-2019-005\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://applied-risk.com/labs/advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.applied-risk.com/resources/ar-2019-005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7256\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://applied-risk.com/labs/advisories\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.applied-risk.com/resources/ar-2019-005\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T20:46:45.713Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-7256\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-27T04:00:11.102367Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-03-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7256\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:1.00-06:*:*:*:*:*:*:*\"], \"vendor\": \"nortekcontrol\", \"product\": \"linear_emerge_essential_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.00-06\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:1.00-06:*:*:*:*:*:*:*\"], \"vendor\": \"nortekcontrol\", \"product\": \"linear_emerge_elite_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.00-06\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-03-25T00:00:00+00:00\", \"value\": \"CVE-2019-7256 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7256\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-01T17:06:56.045Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://applied-risk.com/labs/advisories\"}, {\"url\": \"https://www.applied-risk.com/resources/ar-2019-005\"}, {\"url\": \"http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html\"}, {\"url\": \"http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html\"}, {\"url\": \"http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html\"}, {\"url\": \"http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Linear eMerge E3-Series devices allow Command Injections.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-01-05T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2019-7256\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:45:34.488Z\", \"dateReserved\": \"2019-01-31T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2019-07-02T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

var-201907-0157

Vulnerability from variot

Linear eMerge E3-Series devices allow Command Injections. Linear eMerge E3 The devices in the series include OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security&ControlLineareMergeE3-Series is an access control device from Nortek Security & Control. The vulnerability stems from the program using external input to build commands, but fails to properly handle the special elements of the commands that can be modified. An attacker could exploit the vulnerability to directly execute dangerous commands on the operating system

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0157",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linear emerge essential",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nortekcontrol",
        "version": "1.00-06"
      },
      {
        "model": "linear emerge elite",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nortekcontrol",
        "version": "1.00-06"
      },
      {
        "model": "linear emerge essential",
        "scope": null,
        "trust": 0.8,
        "vendor": "nortek",
        "version": null
      },
      {
        "model": "linear emerge elite",
        "scope": null,
        "trust": 0.8,
        "vendor": "nortek",
        "version": null
      },
      {
        "model": "security\u0026control linear emerge e3-series",
        "scope": null,
        "trust": 0.6,
        "vendor": "nortek",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21274"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005909"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7256"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LiquidWorm",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-107"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-7256",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-7256",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-21274",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-158691",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-7256",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 10.0,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-7256",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-7256",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2019-7256",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-7256",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-21274",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-107",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158691",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-7256",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21274"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158691"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7256"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-107"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7256"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7256"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Linear eMerge E3-Series devices allow Command Injections. Linear eMerge E3 The devices in the series include OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security\u0026ControlLineareMergeE3-Series is an access control device from Nortek Security \u0026 Control. The vulnerability stems from the program using external input to build commands, but fails to properly handle the special elements of the commands that can be modified. An attacker could exploit the vulnerability to directly execute dangerous commands on the operating system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-7256"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005909"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-21274"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158691"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7256"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-158691",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158691"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-7256",
        "trust": 4.0
      },
      {
        "db": "PACKETSTORM",
        "id": "170372",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "155255",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "155272",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "155256",
        "trust": 1.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-065-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU96911165",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005909",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-107",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-21274",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "47619",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-158691",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7256",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21274"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158691"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7256"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-107"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7256"
      }
    ]
  },
  "id": "VAR-201907-0157",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21274"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158691"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21274"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:37:07.647000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
        "trust": 0.8,
        "url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
      },
      {
        "title": "Nuclei Templates\nResources",
        "trust": 0.1,
        "url": "https://github.com/merlinepedra25/nuclei-templates "
      },
      {
        "title": "Nuclei Templates\nResources",
        "trust": 0.1,
        "url": "https://github.com/merlinepedra/nuclei-templates "
      },
      {
        "title": "Kenzer Templates [1289]",
        "trust": 0.1,
        "url": "https://github.com/Elsfa7-110/kenzer-templates "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/manas3c/CVE-POC "
      },
      {
        "title": "Kenzer Templates [5170] [DEPRECATED]",
        "trust": 0.1,
        "url": "https://github.com/ARPSyndicate/kenzer-templates "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-7256"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005909"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-77",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158691"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005909"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7256"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://www.applied-risk.com/resources/ar-2019-005"
      },
      {
        "trust": 2.4,
        "url": "https://applied-risk.com/labs/advisories"
      },
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/155272/linear-emerge-e3-access-controller-command-injection.html"
      },
      {
        "trust": 1.9,
        "url": "http://packetstormsecurity.com/files/155255/linear-emerge-e3-1.00-06-card_scan.php-command-injection.html"
      },
      {
        "trust": 1.8,
        "url": "http://packetstormsecurity.com/files/155256/linear-emerge-e3-1.00-06-card_scan_decoder.php-command-injection.html"
      },
      {
        "trust": 1.8,
        "url": "http://packetstormsecurity.com/files/170372/linear-emerge-e3-series-access-controller-command-injection.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7256"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu96911165/"
      },
      {
        "trust": 0.8,
        "url": "https://cisa.gov/known-exploited-vulnerabilities-catalog"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/47619"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/arpsyndicate/kenzer-templates"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21274"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158691"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7256"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-107"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7256"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21274"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158691"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7256"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-107"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7256"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-21274"
      },
      {
        "date": "2019-07-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158691"
      },
      {
        "date": "2019-07-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-7256"
      },
      {
        "date": "2019-07-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005909"
      },
      {
        "date": "2019-07-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-107"
      },
      {
        "date": "2019-07-02T19:15:11.147000",
        "db": "NVD",
        "id": "CVE-2019-7256"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-21274"
      },
      {
        "date": "2023-03-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158691"
      },
      {
        "date": "2023-03-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-7256"
      },
      {
        "date": "2024-05-31T03:34:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005909"
      },
      {
        "date": "2023-01-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-107"
      },
      {
        "date": "2024-11-21T04:47:51.290000",
        "db": "NVD",
        "id": "CVE-2019-7256"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-107"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Linear\u00a0eMerge\u00a0E3\u00a0 For devices in the series \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005909"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-107"
      }
    ],
    "trust": 0.6
  }
}

icsa-24-065-01

Vulnerability from csaf_cisa

Published

2024-03-05 07:00

Modified

2024-03-05 07:00

Summary

Nice Linear eMerge E3-Series

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow a remote attacker to gain full system access.

Critical infrastructure sectors

Commercial Facilities

Countries/areas deployed

Worldwide

Company headquarters location

Italy

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Gjoko Krstic"
        ],
        "organization": "Zero Science Lab",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow a remote attacker to gain full system access.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Italy",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-065-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-065-01.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-24-065-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Nice Linear eMerge E3-Series",
    "tracking": {
      "current_release_date": "2024-03-05T07:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-065-01",
      "initial_release_date": "2024-03-05T07:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-03-05T07:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=1.00-06",
                "product": {
                  "name": "Nice Linear eMerge E3-Series: \u003c=1.00-06",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Linear eMerge E3-Series"
          }
        ],
        "category": "vendor",
        "name": "Nice"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-7253",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to path traversal. This could allow an attacker to gain unauthorized access to the system and sensitive data. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "nvd.nist.gov",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7253"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7254",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Versions of Nice Linear eMerge E3-Series firmware 1.00-06 and prior are vulnerable to a file inclusion through path traversal, which could give the attacker access to sensitive information. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7254"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7255",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to cross-site scripting, which could allow an attacker to obtain and alter some information on the system. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7255"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7256",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to OS command injection, which could allow an attacker to cause remote code execution. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7256"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7257",
      "cwe": {
        "id": "CWE-434",
        "name": "Unrestricted Upload of File with Dangerous Type"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to unrestricted upload of malicious files, which could allow an attacker to execute arbitrary code. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7257"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7258",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Nice Linear eMerge E3-Series versions 1.00-06 and prior suffer from an authorization mechanism vulnerability. This could allow an attacker to escalate privileges and gain full control of the system. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7258"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7259",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An authorization bypass occurs in Nice Linear eMerge E3-Series versions 1.00-06 and prior when an authenticated attacker visits a specific GET request against the target, resulting in disclosure of administrative credentials in clear-text. This allows the attacker to re-login with admin privileges and have full access to the control interface. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7259"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7260",
      "cwe": {
        "id": "CWE-522",
        "name": "Insufficiently Protected Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The application of Nice Linear eMerge E3-Series versions 1.00-06 and prior stores passwords in clear-text in its DBMS system. Storing a password in plaintext may result in a system compromise. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7260"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7261",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Hard-coded credentials are present in multiple binaries  bundled in the Nice Linear eMerge E3-Series versions 1.00-06 and prior firmware OS. These hard-coded credentials typically create a significant hole that could allow an attacker to bypass the authentication configured by the software administrator. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "nvd.nist.gov",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7261"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7265",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Nice Linear eMerge E3-Series versions 1.00-06 and prior access control platform has SSH enabled with hardcoded credentials for the root account. This could allow an unauthenticated attacker to initiate a secure connection with highest privileges (root) and gain full system access. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7265"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7262",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The application of Nice Linear eMerge E3-Series versions 1.00-06 and prior allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. An attacker could exploit this to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "nvd.nist.gov",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7262"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7264",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A stack-based buffer overflow exists, affecting several CGI binaries of Nice Linear eMerge E3-Series versions 1.00-06 and prior. The vulnerability is caused due to a boundary error in the processing of a user input, which an attacker could exploit to cause a buffer overflow. Successful exploitation could allow execution of arbitrary code on the affected device. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7264"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

ICSA-24-065-01

Vulnerability from csaf_cisa

Published

2024-03-05 07:00

Modified

2024-03-05 07:00

Summary

Nice Linear eMerge E3-Series

Notes

Legal Notice

Risk evaluation

Successful exploitation of these vulnerabilities could allow a remote attacker to gain full system access.

Critical infrastructure sectors

Commercial Facilities

Countries/areas deployed

Worldwide

Company headquarters location

Italy

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Gjoko Krstic"
        ],
        "organization": "Zero Science Lab",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow a remote attacker to gain full system access.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Italy",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-065-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-065-01.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-24-065-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Nice Linear eMerge E3-Series",
    "tracking": {
      "current_release_date": "2024-03-05T07:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-065-01",
      "initial_release_date": "2024-03-05T07:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-03-05T07:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=1.00-06",
                "product": {
                  "name": "Nice Linear eMerge E3-Series: \u003c=1.00-06",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Linear eMerge E3-Series"
          }
        ],
        "category": "vendor",
        "name": "Nice"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-7253",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to path traversal. This could allow an attacker to gain unauthorized access to the system and sensitive data. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "nvd.nist.gov",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7253"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7254",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Versions of Nice Linear eMerge E3-Series firmware 1.00-06 and prior are vulnerable to a file inclusion through path traversal, which could give the attacker access to sensitive information. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7254"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7255",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to cross-site scripting, which could allow an attacker to obtain and alter some information on the system. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7255"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7256",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to OS command injection, which could allow an attacker to cause remote code execution. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7256"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7257",
      "cwe": {
        "id": "CWE-434",
        "name": "Unrestricted Upload of File with Dangerous Type"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to unrestricted upload of malicious files, which could allow an attacker to execute arbitrary code. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7257"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7258",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Nice Linear eMerge E3-Series versions 1.00-06 and prior suffer from an authorization mechanism vulnerability. This could allow an attacker to escalate privileges and gain full control of the system. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7258"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7259",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An authorization bypass occurs in Nice Linear eMerge E3-Series versions 1.00-06 and prior when an authenticated attacker visits a specific GET request against the target, resulting in disclosure of administrative credentials in clear-text. This allows the attacker to re-login with admin privileges and have full access to the control interface. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7259"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7260",
      "cwe": {
        "id": "CWE-522",
        "name": "Insufficiently Protected Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The application of Nice Linear eMerge E3-Series versions 1.00-06 and prior stores passwords in clear-text in its DBMS system. Storing a password in plaintext may result in a system compromise. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7260"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7261",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Hard-coded credentials are present in multiple binaries  bundled in the Nice Linear eMerge E3-Series versions 1.00-06 and prior firmware OS. These hard-coded credentials typically create a significant hole that could allow an attacker to bypass the authentication configured by the software administrator. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "nvd.nist.gov",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7261"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7265",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Nice Linear eMerge E3-Series versions 1.00-06 and prior access control platform has SSH enabled with hardcoded credentials for the root account. This could allow an unauthenticated attacker to initiate a secure connection with highest privileges (root) and gain full system access. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7265"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7262",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The application of Nice Linear eMerge E3-Series versions 1.00-06 and prior allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. An attacker could exploit this to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "nvd.nist.gov",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7262"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-7264",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A stack-based buffer overflow exists, affecting several CGI binaries of Nice Linear eMerge E3-Series versions 1.00-06 and prior. The vulnerability is caused due to a boundary error in the processing of a user input, which an attacker could exploit to cause a buffer overflow. Successful exploitation could allow execution of arbitrary code on the affected device. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7264"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice\u0027s E3-Bulletin for more information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Minimize network exposure of devices, ensuring they are not accessible from the internet.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the devices behind firewalls and isolate them from other networks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change default credentials on the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Change the default IP address of the device.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "See Nice\u0027s Telephone Entry Bulletin for additional information.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf"
        },
        {
          "category": "mitigation",
          "details": "Users should contact Nice with any questions.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://na.niceforyou.com/about/contact/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

gsd-2019-7256

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Linear eMerge E3-Series devices allow Command Injections.

Aliases

CVE-2019-7256

Aliases

CVE-2019-7256

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-7256",
    "description": "Linear eMerge E3-Series devices allow Command Injections.",
    "id": "GSD-2019-7256",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2019-7256"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-7256"
      ],
      "details": "Linear eMerge E3-Series devices allow Command Injections.",
      "id": "GSD-2019-7256",
      "modified": "2023-12-13T01:23:46.821215Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-7256",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Linear eMerge E3-Series devices allow Command Injections."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://applied-risk.com/labs/advisories",
            "refsource": "MISC",
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "name": "https://www.applied-risk.com/resources/ar-2019-005",
            "refsource": "MISC",
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "name": "http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2024-04-15",
        "cisaExploitAdd": "2024-03-25",
        "cisaRequiredAction": "Contact the vendor for guidance on remediating firmware, per their advisory.",
        "cisaVulnerabilityName": "Nice Linear eMerge E3-Series OS Command Injection Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6732033A-E740-473B-9929-5D3267E938A9",
                    "versionEndIncluding": "1.00-06",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "92DB5201-9021-4302-B484-D846439BBC96",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CDD3F346-1C4C-4EA6-9696-7BCF3C169224",
                    "versionEndIncluding": "1.00-06",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3465CA75-36C8-49E6-98BD-FFCE518E5399",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Linear eMerge E3-Series devices allow Command Injections."
          },
          {
            "lang": "es",
            "value": "Los dispositivos Linear eMerge E3-Series permiten Inyecciones de Comando."
          }
        ],
        "id": "CVE-2019-7256",
        "lastModified": "2024-03-26T01:00:02.003",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 10.0,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 6.0,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2019-07-02T19:15:11.147",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Not Applicable"
            ],
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-78"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

cnvd-2019-21274

Vulnerability from cnvd

Title

Linear eMerge E3-Series命令注入漏洞

Description

Nortek Security＆Control Linear eMerge E3-Series是美国Nortek Security＆Control公司的一款门禁控制设备。 Linear eMerge E3-Series设备中存在命令注入漏洞，该漏洞源于程序使用外部输入来构建命令，但未能对其可以修改命令的特殊元素进行正确的处理。攻击者可利用该漏洞对操作系统直接实施危险的命令。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.nortekcontrol.com/

Reference

https://www.applied-risk.com/resources/ar-2019-005 https://applied-risk.com/labs/advisories

Impacted products

Name
Nortek Security＆Control Linear eMerge E3-Series

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-7256"
    }
  },
  "description": "Nortek Security\uff06Control Linear eMerge E3-Series\u662f\u7f8e\u56fdNortek Security\uff06Control\u516c\u53f8\u7684\u4e00\u6b3e\u95e8\u7981\u63a7\u5236\u8bbe\u5907\u3002\n\nLinear eMerge E3-Series\u8bbe\u5907\u4e2d\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u5916\u90e8\u8f93\u5165\u6765\u6784\u5efa\u547d\u4ee4\uff0c\u4f46\u672a\u80fd\u5bf9\u5176\u53ef\u4ee5\u4fee\u6539\u547d\u4ee4\u7684\u7279\u6b8a\u5143\u7d20\u8fdb\u884c\u6b63\u786e\u7684\u5904\u7406\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u64cd\u4f5c\u7cfb\u7edf\u76f4\u63a5\u5b9e\u65bd\u5371\u9669\u7684\u547d\u4ee4\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.nortekcontrol.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-21274",
  "openTime": "2019-07-05",
  "products": {
    "product": "Nortek Security\uff06Control Linear eMerge E3-Series"
  },
  "referenceLink": "https://www.applied-risk.com/resources/ar-2019-005\r\nhttps://applied-risk.com/labs/advisories",
  "serverity": "\u9ad8",
  "submitTime": "2019-07-04",
  "title": "Linear eMerge E3-Series\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

ghsa-24pq-phfq-785f

Vulnerability from github

Published

2022-05-24 22:00

Modified

2025-10-22 00:31

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

Linear eMerge E3-Series devices allow Command Injections.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-7256"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-02T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Linear eMerge E3-Series devices allow Command Injections.",
  "id": "GHSA-24pq-phfq-785f",
  "modified": "2025-10-22T00:31:42Z",
  "published": "2022-05-24T22:00:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7256"
    },
    {
      "type": "WEB",
      "url": "https://applied-risk.com/labs/advisories"
    },
    {
      "type": "WEB",
      "url": "https://www.applied-risk.com/resources/ar-2019-005"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7256"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2019-7256

Vulnerability from fkie_nvd

Published

2019-07-02 19:15

Modified

2025-10-22 00:16

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Linear eMerge E3-Series devices allow Command Injections.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://applied-risk.com/labs/advisories	Not Applicable
cve@mitre.org	https://www.applied-risk.com/resources/ar-2019-005	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://applied-risk.com/labs/advisories	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	https://www.applied-risk.com/resources/ar-2019-005	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7256

Impacted products

Vendor	Product	Version
nortekcontrol	linear_emerge_essential_firmware	*
nortekcontrol	linear_emerge_essential	-
nortekcontrol	linear_emerge_elite_firmware	*
nortekcontrol	linear_emerge_elite	-

JSON

To clipboard

{
  "cisaActionDue": "2024-04-15",
  "cisaExploitAdd": "2024-03-25",
  "cisaRequiredAction": "Contact the vendor for guidance on remediating firmware, per their advisory.",
  "cisaVulnerabilityName": "Nice Linear eMerge E3-Series OS Command Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6732033A-E740-473B-9929-5D3267E938A9",
              "versionEndIncluding": "1.00-06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92DB5201-9021-4302-B484-D846439BBC96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDD3F346-1C4C-4EA6-9696-7BCF3C169224",
              "versionEndIncluding": "1.00-06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3465CA75-36C8-49E6-98BD-FFCE518E5399",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Linear eMerge E3-Series devices allow Command Injections."
    },
    {
      "lang": "es",
      "value": "Los dispositivos Linear eMerge E3-Series permiten Inyecciones de Comando."
    }
  ],
  "id": "CVE-2019-7256",
  "lastModified": "2025-10-22T00:16:45.720",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2019-07-02T19:15:11.147",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://applied-risk.com/labs/advisories"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.applied-risk.com/resources/ar-2019-005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://applied-risk.com/labs/advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.applied-risk.com/resources/ar-2019-005"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7256"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-7256 (GCVE-0-2019-7256)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

var-201907-0157

Vulnerability from variot

icsa-24-065-01

Vulnerability from csaf_cisa

ICSA-24-065-01

Vulnerability from csaf_cisa

gsd-2019-7256

Vulnerability from gsd

cnvd-2019-21274

Vulnerability from cnvd

ghsa-24pq-phfq-785f

Vulnerability from github

fkie_cve-2019-7256

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature