Lucene search

IcscertCVE-2019-13524

HistoryJan 16, 2020 - 6:15 p.m.

CVE-2019-13524

2020-01-1618:15:11

CWE-20

icscert

web.nvd.nist.gov

ge pacsystems

rx3i

cpe100

cpe115

cpe302

cpe305

cpe310

cpe330

cpe400

cpe410

cru320

vulnerability

denial of service

nvd

cve-2019-13524

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

41.4%

JSON

GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.

Affected configurations

Nvd

Node

emersonrx3i_cpe100_firmwareRange<r9.85

AND

emersonrx3i_cpe100Match-

Node

emersonrx3i_cpe115_firmwareRange<r9.85

AND

emersonrx3i_cpe115Match-

Node

emersonrx3i_cpe302_firmwareRange<r9.90

AND

emersonrx3i_cpe302Match-

Node

emersonrx3i_cpe305_firmwareRange<r9.90

AND

emersonrx3i_cpe305Match-

Node

emersonrx3i_cpe310_firmwareRange<r9.90

AND

emersonrx3i_cpe310Match-

Node

emersonrx3i_cru320_firmware

AND

emersonrx3i_cru320Match-

Node

emersonrx3i_cpe330_firmwareRange<r9.90

AND

emersonrx3i_cpe330Match-

Node

emersonrx3i_cpe400_firmwareRange<r9.90

AND

emersonrx3i_cpe400Match-

Node

emersonrx3i_cpl410_firmwareRange<r9.90

AND

emersonrx3i_cpl410Match-

VendorProductVersionCPE
emersonrx3i_cpe100_firmware*cpe:2.3:o:emerson:rx3i_cpe100_firmware:*:*:*:*:*:*:*:*
emersonrx3i_cpe100-cpe:2.3:h:emerson:rx3i_cpe100:-:*:*:*:*:*:*:*
emersonrx3i_cpe115_firmware*cpe:2.3:o:emerson:rx3i_cpe115_firmware:*:*:*:*:*:*:*:*
emersonrx3i_cpe115-cpe:2.3:h:emerson:rx3i_cpe115:-:*:*:*:*:*:*:*
emersonrx3i_cpe302_firmware*cpe:2.3:o:emerson:rx3i_cpe302_firmware:*:*:*:*:*:*:*:*
emersonrx3i_cpe302-cpe:2.3:h:emerson:rx3i_cpe302:-:*:*:*:*:*:*:*
emersonrx3i_cpe305_firmware*cpe:2.3:o:emerson:rx3i_cpe305_firmware:*:*:*:*:*:*:*:*
emersonrx3i_cpe305-cpe:2.3:h:emerson:rx3i_cpe305:-:*:*:*:*:*:*:*
emersonrx3i_cpe310_firmware*cpe:2.3:o:emerson:rx3i_cpe310_firmware:*:*:*:*:*:*:*:*
emersonrx3i_cpe310-cpe:2.3:h:emerson:rx3i_cpe310:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emerson	rx3i_cpe100_firmware	*	cpe:2.3:o:emerson:rx3i_cpe100_firmware::::::::
emerson	rx3i_cpe100	-	cpe:2.3:h:emerson:rx3i_cpe100:-:::::::*
emerson	rx3i_cpe115_firmware	*	cpe:2.3:o:emerson:rx3i_cpe115_firmware::::::::
emerson	rx3i_cpe115	-	cpe:2.3:h:emerson:rx3i_cpe115:-:::::::*
emerson	rx3i_cpe302_firmware	*	cpe:2.3:o:emerson:rx3i_cpe302_firmware::::::::
emerson	rx3i_cpe302	-	cpe:2.3:h:emerson:rx3i_cpe302:-:::::::*
emerson	rx3i_cpe305_firmware	*	cpe:2.3:o:emerson:rx3i_cpe305_firmware::::::::
emerson	rx3i_cpe305	-	cpe:2.3:h:emerson:rx3i_cpe305:-:::::::*
emerson	rx3i_cpe310_firmware	*	cpe:2.3:o:emerson:rx3i_cpe310_firmware::::::::
emerson	rx3i_cpe310	-	cpe:2.3:h:emerson:rx3i_cpe310:-:::::::*

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "GE PACSystems RX3i",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU320 All versions(End of Life)"
      }
    ]
  }
]

References

www.us-cert.gov/ics/advisories/icsa-20-014-01

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

41.4%

JSON

Related for CVE-2019-13524