Sign-up

ID

VAR-201906-0327


CVE

CVE-2019-3946


TITLE

Fuji Electric V-Server Input validation error vulnerability

Trust: 1.4

sources: IVD: b858cd6c-22d1-49a4-a77a-e989933c9367 // CNVD: CNVD-2019-25688 // CNNVD: CNNVD-201906-559

DESCRIPTION

Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is a set of software used by Fuji Electric to collect and manage real-time field data. An input validation error vulnerability exists in Fuji Electric V-Server prior to 6.0.33.0. The vulnerability stems from a network system or product that does not properly validate the input data. A remote denial-of-service vulnerability 2. An information disclosure vulnerability An attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . Versions prior to V-SFT 6.0.33.0 are vulnerable

Trust: 3.42

sources: NVD: CVE-2019-3946 // JVNDB: JVNDB-2019-005490 // JVNDB: JVNDB-2019-005462 // CNVD: CNVD-2019-25688 // BID: 108740 // IVD: b858cd6c-22d1-49a4-a77a-e989933c9367 // VULMON: CVE-2019-3946

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: b858cd6c-22d1-49a4-a77a-e989933c9367 // CNVD: CNVD-2019-25688

AFFECTED PRODUCTS

vendor:fuji electricmodel:v-serverscope:ltversion:6.0.33.0

Trust: 1.6

vendor:fujielectricmodel:v-serverscope:ltversion:6.0.33.0

Trust: 1.0

vendor:fujimodel:electric v-serverscope:ltversion:6.0.33.0

Trust: 0.6

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.9.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.8.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.7.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.6.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.5.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.4.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.32.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.31.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.30.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.3.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.29.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.28.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.27.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.26.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.25.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.24.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.23.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.22.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.21.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.20.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.2.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.19.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.18.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.17.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.16.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.15.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.14.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.13.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.12.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.11.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.10.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:neversion:6.0.33.0

Trust: 0.3

vendor:v servermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: b858cd6c-22d1-49a4-a77a-e989933c9367 // CNVD: CNVD-2019-25688 // BID: 108740 // JVNDB: JVNDB-2019-005490 // JVNDB: JVNDB-2019-005462 // NVD: CVE-2019-3946

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3946
value: HIGH

Trust: 1.0

NVD: CVE-2019-3946
value: HIGH

Trust: 0.8

NVD: CVE-2019-3946
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-25688
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-559
value: HIGH

Trust: 0.6

IVD: b858cd6c-22d1-49a4-a77a-e989933c9367
value: HIGH

Trust: 0.2

VULMON: CVE-2019-3946
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3946
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2019-3946
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-25688
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: b858cd6c-22d1-49a4-a77a-e989933c9367
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-3946
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

NVD: CVE-2019-3946
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: b858cd6c-22d1-49a4-a77a-e989933c9367 // CNVD: CNVD-2019-25688 // VULMON: CVE-2019-3946 // JVNDB: JVNDB-2019-005490 // JVNDB: JVNDB-2019-005462 // CNNVD: CNNVD-201906-559 // NVD: CVE-2019-3946

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.8

problemtype:CWE-255

Trust: 0.8

sources: JVNDB: JVNDB-2019-005490 // JVNDB: JVNDB-2019-005462 // NVD: CVE-2019-3946

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-559

TYPE

Input validation error

Trust: 0.8

sources: IVD: b858cd6c-22d1-49a4-a77a-e989933c9367 // CNNVD: CNNVD-201906-559

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005490

PATCH
title:V-Serverurl:https://monitouch.fujielectric.com/site/tellus-e/tellus03-01.html
Trust: 1.6
title:Fuji Electric V-Server enters a patch to verify the error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/172789
Trust: 0.6
title:Fuji Electric V-Server Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93791
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-25688 // 
            
            
            
            JVNDB: JVNDB-2019-005490 // 
            
            
            
            JVNDB: JVNDB-2019-005462 // 
            
            
            
            CNNVD: CNNVD-201906-559

EXTERNAL IDS
db:NVDid:CVE-2019-3946
Trust: 4.4
db:TENABLEid:TRA-2019-27
Trust: 4.2
db:BIDid:108740
Trust: 2.0
db:CNVDid:CNVD-2019-25688
Trust: 0.8
db:CNNVDid:CNNVD-201906-559
Trust: 0.8
db:JVNDBid:JVNDB-2019-005490
Trust: 0.8
db:JVNDBid:JVNDB-2019-005462
Trust: 0.8
db:IVDid:B858CD6C-22D1-49A4-A77A-E989933C9367
Trust: 0.2
db:VULMONid:CVE-2019-3946
Trust: 0.1
sources:
            
            
            IVD: b858cd6c-22d1-49a4-a77a-e989933c9367 // 
            
            
            
            CNVD: CNVD-2019-25688 // 
            
            
            
            VULMON: CVE-2019-3946 // 
            
            
            
            BID: 108740 // 
            
            
            
            JVNDB: JVNDB-2019-005490 // 
            
            
            
            JVNDB: JVNDB-2019-005462 // 
            
            
            
            CNNVD: CNNVD-201906-559 // 
            
            
            
            NVD: CVE-2019-3946

REFERENCES
url:https://www.tenable.com/security/research/tra-2019-27
Trust: 4.2
url:http://www.securityfocus.com/bid/108740
Trust: 1.8
url:http://www.fujielectric.com/
Trust: 0.9
url:https://monitouch.fujielectric.com/site/support-e/more-index-t.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3946
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-3946
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3947
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-3947
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/190.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-25688 // 
            
            
            
            VULMON: CVE-2019-3946 // 
            
            
            
            BID: 108740 // 
            
            
            
            JVNDB: JVNDB-2019-005490 // 
            
            
            
            JVNDB: JVNDB-2019-005462 // 
            
            
            
            CNNVD: CNNVD-201906-559 // 
            
            
            
            NVD: CVE-2019-3946

CREDITS
Tenable
Trust: 0.9
sources:
            
            
            BID: 108740 // 
            
            
            
            CNNVD: CNNVD-201906-559

SOURCES
db:IVDid:b858cd6c-22d1-49a4-a77a-e989933c9367
db:CNVDid:CNVD-2019-25688
db:VULMONid:CVE-2019-3946
db:BIDid:108740
db:JVNDBid:JVNDB-2019-005490
db:JVNDBid:JVNDB-2019-005462
db:CNNVDid:CNNVD-201906-559
db:NVDid:CVE-2019-3946

LAST UPDATE DATE
2024-11-23T22:33:54.410000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-25688date:2019-08-02T00:00:00
db:VULMONid:CVE-2019-3946date:2019-06-14T00:00:00
db:BIDid:108740date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-005490date:2019-06-20T00:00:00
db:JVNDBid:JVNDB-2019-005462date:2019-06-20T00:00:00
db:CNNVDid:CNNVD-201906-559date:2019-06-17T00:00:00
db:NVDid:CVE-2019-3946date:2024-11-21T04:42:55.280

SOURCES RELEASE DATE
db:IVDid:b858cd6c-22d1-49a4-a77a-e989933c9367date:2019-08-02T00:00:00
db:CNVDid:CNVD-2019-25688date:2019-08-02T00:00:00
db:VULMONid:CVE-2019-3946date:2019-06-12T00:00:00
db:BIDid:108740date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-005490date:2019-06-20T00:00:00
db:JVNDBid:JVNDB-2019-005462date:2019-06-20T00:00:00
db:CNNVDid:CNNVD-201906-559date:2019-06-12T00:00:00
db:NVDid:CVE-2019-3946date:2019-06-12T15:29:00.863