CVE-2019-6533
Published Feb 12, 2019
Last updated 2 years ago
Overview
- Description
- Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166).
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:kunbus:pr100088_modbus_gateway_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CDBD5619-7FDD-4BFA-977E-EDE889BCFF83",
"versionEndExcluding": "r02"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:kunbus:pr100088_modbus_gateway:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "63D8E09D-8B31-4FB2-94DD-A3C243A4E66B"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]