var-201902-0131
Vulnerability from variot
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine. InduSoft Web Studio and InTouch Edge HMI Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AVEVA Group plc InduSoft Web Studio is a set of industrial configuration software from UK's AVEVA Group plc. An attacker could use this vulnerability to execute code. Attackers can exploit these issues to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 2.6,
"vendor": "indusoft web studio",
"version": "7.1"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 1.6,
"vendor": "indusoft web studio",
"version": "8.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "indusoft web studio",
"version": "8.1"
},
{
"_id": null,
"model": "indusoft web studio",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "7.1"
},
{
"_id": null,
"model": "indusoft web studio",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "6.1"
},
{
"_id": null,
"model": "indusoft web studio",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "8.0"
},
{
"_id": null,
"model": "intouch machine edition 2014",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "r2"
},
{
"_id": null,
"model": "indusoft web studio",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "8.1"
},
{
"_id": null,
"model": "indusoft web studio",
"scope": "lt",
"trust": 0.8,
"vendor": "aveva",
"version": "8.1 sp3"
},
{
"_id": null,
"model": "intouch machine edition 2017",
"scope": "lt",
"trust": 0.8,
"vendor": "aveva",
"version": "2017 update"
},
{
"_id": null,
"model": "group plc indusoft web studio||intouch edge hmi update",
"scope": "lt",
"trust": 0.6,
"vendor": "aveva",
"version": "2017"
},
{
"_id": null,
"model": "group plc indusoft web studio||intouch edge hmi sp3",
"scope": "lt",
"trust": 0.6,
"vendor": "aveva",
"version": "8.1"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "indusoft web studio",
"version": "6.1"
},
{
"_id": null,
"model": "intouch edge hmi",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2017"
},
{
"_id": null,
"model": "indusoft web studio sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "8.1"
},
{
"_id": null,
"model": "indusoft web studio sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "8.1"
},
{
"_id": null,
"model": "indusoft web studio",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "8.1"
},
{
"_id": null,
"model": "indusoft web studio sp2 patch",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "8.01"
},
{
"_id": null,
"model": "indusoft web studio sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "8.0"
},
{
"_id": null,
"model": "indusoft web studio patch",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.1.3.55"
},
{
"_id": null,
"model": "indusoft web studio sp patch",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.1.3.434"
},
{
"_id": null,
"model": "indusoft web studio",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.1.3.4"
},
{
"_id": null,
"model": "indusoft web studio",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.1.3.2"
},
{
"_id": null,
"model": "indusoft web studio sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "8.1"
},
{
"_id": null,
"model": "r2",
"scope": null,
"trust": 0.2,
"vendor": "intouch machine edition 2014",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"db": "BID",
"id": "107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "NVD",
"id": "CVE-2019-6543"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:aveva:indusoft_web_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:aveva:intouch_machine",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
}
]
},
"credits": {
"_id": null,
"data": "Tenable Research",
"sources": [
{
"db": "BID",
"id": "107144"
}
],
"trust": 0.3
},
"cve": "CVE-2019-6543",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6543",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-43391",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "25e4174a-daae-4de2-adde-0568bfec05b2",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6543",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6543",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6543",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-6543",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-43391",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-531",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-6543",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"db": "VULMON",
"id": "CVE-2019-6543"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-531"
},
{
"db": "NVD",
"id": "CVE-2019-6543"
}
]
},
"description": {
"_id": null,
"data": "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine. InduSoft Web Studio and InTouch Edge HMI Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AVEVA Group plc InduSoft Web Studio is a set of industrial configuration software from UK\u0027s AVEVA Group plc. An attacker could use this vulnerability to execute code. \nAttackers can exploit these issues to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6543"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"db": "BID",
"id": "107144"
},
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "VULMON",
"id": "CVE-2019-6543"
}
],
"trust": 2.7
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-6543",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-036-01",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "46342",
"trust": 2.0
},
{
"db": "TENABLE",
"id": "TRA-2019-04",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2019-43391",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-531",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0344",
"trust": 0.6
},
{
"db": "BID",
"id": "107144",
"trust": 0.3
},
{
"db": "IVD",
"id": "25E4174A-DAAE-4DE2-ADDE-0568BFEC05B2",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "151602",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6543",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"db": "VULMON",
"id": "CVE-2019-6543"
},
{
"db": "BID",
"id": "107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-531"
},
{
"db": "NVD",
"id": "CVE-2019-6543"
}
]
},
"id": "VAR-201902-0131",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "CNVD",
"id": "CNVD-2019-43391"
}
],
"trust": 1.5524224666666666
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "CNVD",
"id": "CNVD-2019-43391"
}
]
},
"last_update_date": "2024-11-23T22:17:08.132000Z",
"patch": {
"_id": null,
"data": [
{
"title": "AVEVA Security Bulletin LFSEC00000133",
"trust": 0.8,
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec133.pdf?hsLang=en"
},
{
"title": "Patch for AVEVA Group plc InduSoft Web Studio and InTouch Edge HMI have unknown vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/192861"
},
{
"title": "AVEVA Group plc InduSoft Web Studio and InTouch Edge HMI Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89342"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-531"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "NVD",
"id": "CVE-2019-6543"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-036-01"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/research/tra-2019-04"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/46342/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6543"
},
{
"trust": 0.9,
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/securitybulletin_lfsec133.pdf?hslang=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6543"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75070"
},
{
"trust": 0.3,
"url": "http://www.indusoft.com/products-downloads"
},
{
"trust": 0.3,
"url": "https://industrial-software.com/training-support/downloads-by-product/intouch-machine-edition"
},
{
"trust": 0.3,
"url": "https://www.exploit-db.com/exploits/46342"
},
{
"trust": 0.3,
"url": "http://www.indusoft.com/indusoftart.php?catid=1\u0026name=iws/webstudio"
},
{
"trust": 0.3,
"url": "http://www.indusoft.com/products-downloads/download-library/current-release-notes"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/151602/indusoft-web-studio-8.1-sp2-remote-code-execution.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43391"
},
{
"db": "VULMON",
"id": "CVE-2019-6543"
},
{
"db": "BID",
"id": "107144"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-531"
},
{
"db": "NVD",
"id": "CVE-2019-6543"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2019-43391",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2019-6543",
"ident": null
},
{
"db": "BID",
"id": "107144",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001356",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201902-531",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-6543",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-12-03T00:00:00",
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2",
"ident": null
},
{
"date": "2019-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43391",
"ident": null
},
{
"date": "2019-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6543",
"ident": null
},
{
"date": "2019-02-05T00:00:00",
"db": "BID",
"id": "107144",
"ident": null
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001356",
"ident": null
},
{
"date": "2019-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-531",
"ident": null
},
{
"date": "2019-02-13T01:29:00.333000",
"db": "NVD",
"id": "CVE-2019-6543",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43391",
"ident": null
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6543",
"ident": null
},
{
"date": "2019-02-05T00:00:00",
"db": "BID",
"id": "107144",
"ident": null
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001356",
"ident": null
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-531",
"ident": null
},
{
"date": "2024-11-21T04:46:39.867000",
"db": "NVD",
"id": "CVE-2019-6543",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-531"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "InduSoft Web Studio and InTouch Edge HMI Vulnerabilities related to lack of authentication for critical functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001356"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "25e4174a-daae-4de2-adde-0568bfec05b2"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-531"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.