CVE-2019-13524

Published Jan 16, 2020

Last updated 5 years ago

CVSS high 7.5

Overview

Description: GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-20
ics-cert@hq.dhs.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:emerson:rx3i_cpe100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6387FCD-2DCF-463C-B33B-B358FB98B797",
            "versionEndExcluding": "r9.85"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:emerson:rx3i_cpe100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "55AC3482-F413-46C1-B7A9-94AFD3FE74AF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:emerson:rx3i_cpe115_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFB6F671-24FF-46FC-AF19-BE980D0D0CC5",
            "versionEndExcluding": "r9.85"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:emerson:rx3i_cpe115:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1E25E3A8-646C-49A8-BEDF-2D5571F052C0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:emerson:rx3i_cpe302_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FD748AB-A839-4087-A3B0-D4CF3213070F",
            "versionEndExcluding": "r9.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:emerson:rx3i_cpe302:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8D8DE37E-EDBF-4994-9718-1995ADA80FB3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:emerson:rx3i_cpe305_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "668BB816-3332-4AFE-87F5-8667047EE44A",
            "versionEndExcluding": "r9.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:emerson:rx3i_cpe305:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D08D1771-812D-45CA-ACCD-E02E0B029B46"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:emerson:rx3i_cpe310_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BCDEDD6-EAE9-4526-89DA-205BA8B7F149",
            "versionEndExcluding": "r9.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:emerson:rx3i_cpe310:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BF9F7EB1-11C7-4408-BE93-56E6E953B1BF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:emerson:rx3i_cru320_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AD9F7EB-7C85-4E6A-B19F-A8964C806670"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:emerson:rx3i_cru320:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "858CA8BB-40ED-4946-BC15-718B5DBF8526"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:emerson:rx3i_cpe330_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B32ACB2-96DE-487B-BD5C-C5E1668A2ADC",
            "versionEndExcluding": "r9.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:emerson:rx3i_cpe330:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "28E7B680-787B-49A7-8646-03D295BE8427"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:emerson:rx3i_cpe400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65386F51-7D4C-437F-BE1A-0711A24F1904",
            "versionEndExcluding": "r9.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:emerson:rx3i_cpe400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "477CD97E-67F9-4BBB-A994-9773C0BCB6F7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:emerson:rx3i_cpl410_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E877E300-75E8-4DA9-A264-E3E3ACFB59CC",
            "versionEndExcluding": "r9.90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:emerson:rx3i_cpl410:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DC1A8F15-A711-4CD1-9032-CB9C5DE37A83"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References