CVE-2019-11536 in SYNC3000 Substation DCU GPCالمعلومات

الملخص

بحسب MITRE

Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The attack requires network connectivity to the device and exploits the webserver interface, typically through a browser.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

25/04/2019

الاعتدال

تمت الموافقة

إدخال

VDB-135363

CPE

جاهز

CWE

CWE-264 (مؤكد)

CVSS

9.8 (NVD)

EPSS

0.00385

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-11536
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-11536
CVE Details	https://www.cvedetails.com/cve/CVE-2019-11536/

التالي ▸نظرة عامة ◂ السابق

Do you know our Splunk app?

Download it now for free!