- Description
- Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166).
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:kunbus:pr100088_modbus_gateway_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CDBD5619-7FDD-4BFA-977E-EDE889BCFF83",
"versionEndExcluding": "r02"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:kunbus:pr100088_modbus_gateway:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "63D8E09D-8B31-4FB2-94DD-A3C243A4E66B"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]