Vulnerability-Lookup

CVE-2019-13524 (GCVE-0-2019-13524)

Vulnerability from cvelistv5 – Published: 2020-01-16 17:53 – Updated: 2024-08-04 23:57

Summary

Severity ?

No CVSS data available.

CWE

CWE-20 - IMPROPER INPUT VALIDATION CWE-20

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	GE PACSystems RX3i	Affected: CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU320 All versions(End of Life)

CNVD-2020-04658

Vulnerability from cnvd - Published: 2020-02-11

Title

GE PACSystems输入验证错误漏洞

Description

GE PACSystems是GE公司可编程自动化控制器产品。 GE PACSystems存在输入验证错误漏洞，攻击者可利用该漏洞导致拒绝服务。

Severity

高

Patch Name

GE PACSystems输入验证错误漏洞的补丁

Patch Description

GE PACSystems是GE公司可编程自动化控制器产品。 GE PACSystems存在输入验证错误漏洞，攻击者可利用该漏洞导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://digitalsupport.ge.com

Reference

https://www.us-cert.gov/ics/advisories/icsa-20-014-01

Impacted products

Name
['General Electric CRU320(End of Life)', 'General Electric CPE302 410 <R9.90', 'General Electric CPE302 400 <R9.90', 'General Electric CPE302 330 <R9.90', 'General Electric CPE302 310 <R9.90', 'General Electric CPE302 305 <R9.90', 'General Electric CPE302 <R9.90', 'General Electric CPE115 <115R9.85', 'General Electric PACSystems RX3i CPE100 <R9.85']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-13524"
    }
  },
  "description": "GE PACSystems\u662fGE\u516c\u53f8\u53ef\u7f16\u7a0b\u81ea\u52a8\u5316\u63a7\u5236\u5668\u4ea7\u54c1\u3002\n\nGE PACSystems\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://digitalsupport.ge.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-04658",
  "openTime": "2020-02-11",
  "patchDescription": "GE PACSystems\u662fGE\u516c\u53f8\u53ef\u7f16\u7a0b\u81ea\u52a8\u5316\u63a7\u5236\u5668\u4ea7\u54c1\u3002\r\n\r\nGE PACSystems\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GE PACSystems\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "General Electric CRU320(End of Life)",
      "General Electric CPE302 410 \u003cR9.90",
      "General Electric CPE302 400 \u003cR9.90",
      "General Electric CPE302 330 \u003cR9.90",
      "General Electric CPE302 310 \u003cR9.90",
      "General Electric CPE302 305 \u003cR9.90",
      "General Electric CPE302 \u003cR9.90",
      "General Electric CPE115 \u003c115R9.85",
      "General Electric PACSystems RX3i CPE100 \u003cR9.85"
    ]
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-014-01",
  "serverity": "\u9ad8",
  "submitTime": "2020-01-15",
  "title": "GE PACSystems\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

GSD-2019-13524

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-13524

Aliases

CVE-2019-13524

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-13524",
    "description": "GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.",
    "id": "GSD-2019-13524"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-13524"
      ],
      "details": "GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.",
      "id": "GSD-2019-13524",
      "modified": "2023-12-13T01:23:41.003644Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2019-13524",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GE PACSystems RX3i",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU320 All versions(End of Life)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "IMPROPER INPUT VALIDATION CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-01",
            "refsource": "MISC",
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpe100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.85",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpe100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpe115_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.85",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpe115:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpe302_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpe302:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpe305_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpe305:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpe310_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpe310:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cru320_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cru320:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpe330_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpe330:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpe400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpe400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpl410_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpl410:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-13524"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-01",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-01-27T17:08Z",
      "publishedDate": "2020-01-16T18:15Z"
    }
  }
}

FKIE_CVE-2019-13524

Vulnerability from fkie_nvd - Published: 2020-01-16 18:15 - Updated: 2024-11-21 04:25

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://www.us-cert.gov/ics/advisories/icsa-20-014-01	Patch, Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ics/advisories/icsa-20-014-01	Patch, Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
emerson	rx3i_cpe100_firmware	*
emerson	rx3i_cpe100	-
emerson	rx3i_cpe115_firmware	*
emerson	rx3i_cpe115	-
emerson	rx3i_cpe302_firmware	*
emerson	rx3i_cpe302	-
emerson	rx3i_cpe305_firmware	*
emerson	rx3i_cpe305	-
emerson	rx3i_cpe310_firmware	*
emerson	rx3i_cpe310	-
emerson	rx3i_cru320_firmware	*
emerson	rx3i_cru320	-
emerson	rx3i_cpe330_firmware	*
emerson	rx3i_cpe330	-
emerson	rx3i_cpe400_firmware	*
emerson	rx3i_cpe400	-
emerson	rx3i_cpl410_firmware	*
emerson	rx3i_cpl410	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:emerson:rx3i_cpe100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6387FCD-2DCF-463C-B33B-B358FB98B797",
              "versionEndExcluding": "r9.85",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:emerson:rx3i_cpe100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AC3482-F413-46C1-B7A9-94AFD3FE74AF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:emerson:rx3i_cpe115_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFB6F671-24FF-46FC-AF19-BE980D0D0CC5",
              "versionEndExcluding": "r9.85",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:emerson:rx3i_cpe115:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E25E3A8-646C-49A8-BEDF-2D5571F052C0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:emerson:rx3i_cpe302_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD748AB-A839-4087-A3B0-D4CF3213070F",
              "versionEndExcluding": "r9.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:emerson:rx3i_cpe302:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D8DE37E-EDBF-4994-9718-1995ADA80FB3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:emerson:rx3i_cpe305_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "668BB816-3332-4AFE-87F5-8667047EE44A",
              "versionEndExcluding": "r9.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:emerson:rx3i_cpe305:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08D1771-812D-45CA-ACCD-E02E0B029B46",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:emerson:rx3i_cpe310_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BCDEDD6-EAE9-4526-89DA-205BA8B7F149",
              "versionEndExcluding": "r9.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:emerson:rx3i_cpe310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF9F7EB1-11C7-4408-BE93-56E6E953B1BF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:emerson:rx3i_cru320_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD9F7EB-7C85-4E6A-B19F-A8964C806670",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:emerson:rx3i_cru320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "858CA8BB-40ED-4946-BC15-718B5DBF8526",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:emerson:rx3i_cpe330_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B32ACB2-96DE-487B-BD5C-C5E1668A2ADC",
              "versionEndExcluding": "r9.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:emerson:rx3i_cpe330:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E7B680-787B-49A7-8646-03D295BE8427",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:emerson:rx3i_cpe400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65386F51-7D4C-437F-BE1A-0711A24F1904",
              "versionEndExcluding": "r9.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:emerson:rx3i_cpe400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "477CD97E-67F9-4BBB-A994-9773C0BCB6F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:emerson:rx3i_cpl410_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E877E300-75E8-4DA9-A264-E3E3ACFB59CC",
              "versionEndExcluding": "r9.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:emerson:rx3i_cpl410:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC1A8F15-A711-4CD1-9032-CB9C5DE37A83",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode."
    },
    {
      "lang": "es",
      "value": "GE PACSystems versi\u00f3n RX3i CPE100/115: todas las versiones anteriores a R9.85,CPE302/305/310/330/400/410: todas las versiones anteriores a R9.90,CRU/320, todas las versiones (End of Life), pueden permitir  a un atacante enviar paquetes especialmente manipulados para causar que el estado del m\u00f3dulo cambie al modo halt, resultando en una condici\u00f3n de denegaci\u00f3n de servicio. Un operador necesita reiniciar el m\u00f3dulo de la CPU despu\u00e9s de quitar la bater\u00eda o el paquete de energ\u00eda para recuperase del modo halt."
    }
  ],
  "id": "CVE-2019-13524",
  "lastModified": "2024-11-21T04:25:04.417",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-16T18:15:11.463",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSA-20-014-01

Vulnerability from csaf_cisa - Published: 2020-01-14 00:00 - Updated: 2020-01-14 00:00

Summary

GE PACSystems RX3i

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could cause the system to change to halt-mode, resulting in a denial-of-service condition.

Critical infrastructure sectors

Commercial Facilities, Critical Manufacturing, Dams, Defense Industrial Base, Energy, Food and Agricultural, Government Facilities, Information Technology, Transportation Systems, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Jin Kyung Lee",
          "Yeop Chang"
        ],
        "organization": "NSR (National Security Research Institute)",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could cause the system to change to halt-mode, resulting in a denial-of-service condition.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Critical Manufacturing, Dams, Defense Industrial Base, Energy, Food and Agricultural, Government Facilities, Information Technology, Transportation Systems, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-014-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-014-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-014-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-014-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "GE PACSystems RX3i",
    "tracking": {
      "current_release_date": "2020-01-14T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-20-014-01",
      "initial_release_date": "2020-01-14T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-01-14T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-014-01 GE PACSystems RX3i"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c R9.90",
                "product": {
                  "name": "CPE310: All versions prior to R9.90",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "CPE310"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c R9.85",
                "product": {
                  "name": "CPE100: All versions prior to R9.85",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "CPE100"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c R9.90",
                "product": {
                  "name": "CPE305: All versions prior to R9.90",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "CPE305"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c R9.90",
                "product": {
                  "name": "CPL410: All versions prior to R9.90",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "CPL410"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vers:all/*",
                "product": {
                  "name": "CRU320: (End of Life; Upgrade to CPE330)",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "CRU320"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c R9.85",
                "product": {
                  "name": "CPE115: All versions prior to R9.85",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "CPE115"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c R9.90",
                "product": {
                  "name": "CPE330: All versions prior to R9.90",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "CPE330"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c R9.90",
                "product": {
                  "name": "CPE400: All versions prior to R9.90",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "CPE400"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c R9.90",
                "product": {
                  "name": "CPE302: All versions prior to R9.90",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "CPE302"
          }
        ],
        "category": "vendor",
        "name": "General Electric (GE) and Emerson"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-13524",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Sending specially manipulated packets can cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.CVE-2019-13524 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13524"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Emerson has acquired the affected products from GE. All inquiries should be directed to Emerson:1-888-565-4155;1-434-214-8532 (if toll free 800 option is unavailable);Tech Support:support.mas@emerson.com,mailto:support.mas@emerson.com;Sales/Order Support: customercare.mas@emerson.com,mailto:customercare.mas@emerson.com;\u0027,empty\nicsa-20-014-01.json,vendor_fix,Version R9.85 CPE100 - Upgrade Kit: 41G2393-MS10-000-A5.zip,https://digitalsupport.ge.com/en_US/Article/EPSCPE100-Landing-Page\nicsa-20-014-01.json,vendor_fix,Version R9.85 CPE115 - Upgrade Kit: 41G2556-MS10-000-A2.zip,https://digitalsupport.ge.com/en_US/Article/EPSCPE115-Landing-Page\nicsa-20-014-01.json,vendor_fix,Version R9.90 CPE302 - Upgrade Kit: CPE302_FW9_90_41G2552-FW01-000-A3.zip,https://digitalsupport.ge.com/communities/en_US/Download/IC695CPE302-PACSystems-RX3i-CPU-Firmware\nicsa-20-014-01.json,vendor_fix,Version R9.90 CPE305 - Upgrade Kit: CPE305_FW9_90_41G1733-MS10-000-A20.zip,https://digitalsupport.ge.com/communities/en_US/Download/IC695CPE305-PACSystems-RX3i-CPU-DN\nicsa-20-014-01.json,vendor_fix,Version R9.90 CPE310 - Upgrade Kit: CPE310_FW9_90_41G1734-MS10-000-A20.zip,https://digitalsupport.ge.com/communities/en_US/Download/IC695CPE310-PACSystems-RX3i-CPU-DN\nicsa-20-014-01.json,vendor_fix,Version R9.90 CPE330 - Upgrade Kit: CPE330_FW9_90_41G2016-FW01-000-A16.zip,https://digitalsupport.ge.com/communities/en_US/Download/IC695CPE330-PACSystems-RX3i-CPU-DN\nicsa-20-014-01.json,vendor_fix,Version R9.90 CPE400 - Upgrade Kit: CPE400_FW9_90_41G2376-FW01-000-A7.zip,https://digitalsupport.ge.com/communities/en_US/Download/IC695CPE400-PACSystems-RX3i-Rackless-CPU-with-Field-Agent\nicsa-20-014-01.json,vendor_fix,Version R9.90 CPL410 - Upgrade Kit: CPL410_FW9_90_41G2617-FW01-000-A3.zip,https://digitalsupport.ge.com/communities/en_US/Download/IC695CPL410-PACSystems-RX3i-Rackless-CPU-with-Linux\nicsa-20-014-01.json,vendor_fix,Emerson notes that CPU/CRU320 has reached end of life. They recommend users upgrade to CPE330.,empty\nicsa-22-265-01.json,vendor_fix,Measuresoft recommends the following steps to remove full access to the ORCHESTRATOR service:,empty\nicsa-22-265-01.json,vendor_fix,Open a command-line window (CMD) with \u0027run as administrator\u0027,empty\nicsa-22-265-01.json,vendor_fix,Use the following command to make the permission change to the ORCHESTRATOR service: sc sdset ORCHESTRATOR D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU),empty\nicsa-22-265-01.json,vendor_fix,As a low-level user attempt to shut down the ORCHESTRATOR service: sc stop ORCHESTRATOR. User will be denied. It will no longer be possible to edit the configuration of the service by a low-level user.\u0027",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ]
    }
  ]
}

GHSA-RVGF-QG2W-7JR4

Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-05-24 17:06

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-13524"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-16T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.",
  "id": "GHSA-rvgf-qg2w-7jr4",
  "modified": "2022-05-24T17:06:47Z",
  "published": "2022-05-24T17:06:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13524"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-202001-0751

Vulnerability from variot - Updated: 2023-12-18 12:10

GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode. plural GE PACSystems RX3i The product contains an input validation vulnerability.Denial of service (DoS) May be in a state. GE PACSystems is a programmable automation controller product from GE

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0751",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rx3i cpe330",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "r9.90"
      },
      {
        "model": "rx3i cpe115",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "r9.85"
      },
      {
        "model": "rx3i cpe400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "r9.90"
      },
      {
        "model": "rx3i cpl410",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "r9.90"
      },
      {
        "model": "rx3i cru320",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "*"
      },
      {
        "model": "rx3i cpe305",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "r9.90"
      },
      {
        "model": "rx3i cpe100",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "r9.85"
      },
      {
        "model": "rx3i cpe302",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "r9.90"
      },
      {
        "model": "rx3i cpe310",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "emerson",
        "version": "r9.90"
      },
      {
        "model": "rx3i cpe115",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": "r9.85"
      },
      {
        "model": "rx3i cpe305",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": "r9.85"
      },
      {
        "model": "rx3i cpe310",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": "r9.85"
      },
      {
        "model": "rx3i cpe100",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": "r9.85"
      },
      {
        "model": "rx3i cpe302",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": null
      },
      {
        "model": "rx3i cpe400",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": "r9.85"
      },
      {
        "model": "rx3i cpe330",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": "r9.85"
      },
      {
        "model": "rx3i cpe310",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": null
      },
      {
        "model": "rx3i cpe100",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": null
      },
      {
        "model": "rx3i cpl410",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": null
      },
      {
        "model": "rx3i cru320",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": "r9.85"
      },
      {
        "model": "rx3i cpe302",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": "r9.85"
      },
      {
        "model": "rx3i cpe305",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": null
      },
      {
        "model": "rx3i cpe400",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": null
      },
      {
        "model": "rx3i cpe330",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": null
      },
      {
        "model": "rx3i cpe115",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": null
      },
      {
        "model": "rx3i cru320",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": null
      },
      {
        "model": "rx3i cpl410",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30a8\u30de\u30bd\u30f3",
        "version": "r9.85"
      },
      {
        "model": "electric cru320",
        "scope": null,
        "trust": 0.6,
        "vendor": "general",
        "version": null
      },
      {
        "model": "electric cpe302 \u003cr9.90",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "general",
        "version": "410"
      },
      {
        "model": "electric cpe302 \u003cr9.90",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "general",
        "version": "400"
      },
      {
        "model": "electric cpe302 \u003cr9.90",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "general",
        "version": "330"
      },
      {
        "model": "electric cpe302 \u003cr9.90",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "general",
        "version": "310"
      },
      {
        "model": "electric cpe302 \u003cr9.90",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "general",
        "version": "305"
      },
      {
        "model": "electric cpe302 \u003cr9.90",
        "scope": null,
        "trust": 0.6,
        "vendor": "general",
        "version": null
      },
      {
        "model": "electric cpe115 \u003c115r9.85",
        "scope": null,
        "trust": 0.6,
        "vendor": "general",
        "version": null
      },
      {
        "model": "electric pacsystems rx3i cpe100 \u003cr9.85",
        "scope": null,
        "trust": 0.6,
        "vendor": "general",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014255"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13524"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpe100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.85",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpe100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpe115_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.85",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpe115:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpe302_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpe302:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpe305_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpe305:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpe310_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpe310:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cru320_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cru320:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpe330_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpe330:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpe400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpe400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:emerson:rx3i_cpl410_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r9.90",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:emerson:rx3i_cpl410:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-13524"
      }
    ]
  },
  "cve": "CVE-2019-13524",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-13524",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-04658",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-13524",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-13524",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-04658",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-539",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-13524",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04658"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014255"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-539"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode. plural GE PACSystems RX3i The product contains an input validation vulnerability.Denial of service (DoS) May be in a state. GE PACSystems is a programmable automation controller product from GE",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-13524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014255"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-04658"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13524"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-13524",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-014-01",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014255",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-04658",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0156",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-539",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13524",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04658"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014255"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-539"
      }
    ]
  },
  "id": "VAR-202001-0751",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04658"
      }
    ],
    "trust": 1.5375
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04658"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:10:03.405000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top\u00a0Page",
        "trust": 0.8,
        "url": "https://www.emerson.com/en-us"
      },
      {
        "title": "Patch for GE PACSystems Input Validation Error Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/199993"
      },
      {
        "title": "Multiple GE Product input verification error vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108526"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-539"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014255"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13524"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-01"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13524"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0156/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04658"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014255"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-539"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-04658"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014255"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-539"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-04658"
      },
      {
        "date": "2020-01-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-13524"
      },
      {
        "date": "2020-02-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014255"
      },
      {
        "date": "2020-01-16T18:15:11.463000",
        "db": "NVD",
        "id": "CVE-2019-13524"
      },
      {
        "date": "2020-01-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-539"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-04658"
      },
      {
        "date": "2020-01-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-13524"
      },
      {
        "date": "2020-02-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014255"
      },
      {
        "date": "2020-01-27T17:08:32.180000",
        "db": "NVD",
        "id": "CVE-2019-13524"
      },
      {
        "date": "2021-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-539"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0GE\u00a0PACSystems\u00a0RX3i\u00a0 Input validation vulnerabilities in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014255"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-539"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-13524 (GCVE-0-2019-13524)

CNVD-2020-04658

GSD-2019-13524

FKIE_CVE-2019-13524

ICSA-20-014-01

GHSA-RVGF-QG2W-7JR4

VAR-202001-0751

Tags

Sightings

Nomenclature