CVE-2019-13524

{"id": "CVE-2019-13524", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-01-16T18:15:11.463", "references": [{"url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-01", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode."}, {"lang": "es", "value": "GE PACSystems versi\u00f3n RX3i CPE100/115: todas las versiones anteriores a R9.85,CPE302/305/310/330/400/410: todas las versiones anteriores a R9.90,CRU/320, todas las versiones (End of Life), pueden permitir a un atacante enviar paquetes especialmente manipulados para causar que el estado del m\u00f3dulo cambie al modo halt, resultando en una condici\u00f3n de denegaci\u00f3n de servicio. Un operador necesita reiniciar el m\u00f3dulo de la CPU despu\u00e9s de quitar la bater\u00eda o el paquete de energ\u00eda para recuperase del modo halt."}], "lastModified": "2020-01-27T17:08:32.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:rx3i_cpe100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6387FCD-2DCF-463C-B33B-B358FB98B797", "versionEndExcluding": "r9.85"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:rx3i_cpe100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "55AC3482-F413-46C1-B7A9-94AFD3FE74AF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:rx3i_cpe115_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFB6F671-24FF-46FC-AF19-BE980D0D0CC5", "versionEndExcluding": "r9.85"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:rx3i_cpe115:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1E25E3A8-646C-49A8-BEDF-2D5571F052C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:rx3i_cpe302_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FD748AB-A839-4087-A3B0-D4CF3213070F", "versionEndExcluding": "r9.90"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:rx3i_cpe302:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8D8DE37E-EDBF-4994-9718-1995ADA80FB3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:rx3i_cpe305_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "668BB816-3332-4AFE-87F5-8667047EE44A", "versionEndExcluding": "r9.90"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:rx3i_cpe305:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D08D1771-812D-45CA-ACCD-E02E0B029B46"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:rx3i_cpe310_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BCDEDD6-EAE9-4526-89DA-205BA8B7F149", "versionEndExcluding": "r9.90"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:rx3i_cpe310:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BF9F7EB1-11C7-4408-BE93-56E6E953B1BF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:rx3i_cru320_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AD9F7EB-7C85-4E6A-B19F-A8964C806670"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:rx3i_cru320:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "858CA8BB-40ED-4946-BC15-718B5DBF8526"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:rx3i_cpe330_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B32ACB2-96DE-487B-BD5C-C5E1668A2ADC", "versionEndExcluding": "r9.90"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:rx3i_cpe330:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "28E7B680-787B-49A7-8646-03D295BE8427"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:rx3i_cpe400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65386F51-7D4C-437F-BE1A-0711A24F1904", "versionEndExcluding": "r9.90"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:rx3i_cpe400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "477CD97E-67F9-4BBB-A994-9773C0BCB6F7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emerson:rx3i_cpl410_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E877E300-75E8-4DA9-A264-E3E3ACFB59CC", "versionEndExcluding": "r9.90"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emerson:rx3i_cpl410:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC1A8F15-A711-4CD1-9032-CB9C5DE37A83"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}