Sign-up

ID

VAR-201906-0328


CVE

CVE-2019-3947


TITLE

Fuji Electric V-Server Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-005462

DESCRIPTION

Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. Fuji Electric V-Server Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A remote denial-of-service vulnerability 2. An information disclosure vulnerability An attacker can exploit these issues to cause a denial-of-service condition or obtain sensitive information that may lead to further attacks . Versions prior to V-SFT 6.0.33.0 are vulnerable

Trust: 1.98

sources: NVD: CVE-2019-3947 // JVNDB: JVNDB-2019-005462 // BID: 108740 // VULMON: CVE-2019-3947

AFFECTED PRODUCTS

vendor:fujielectricmodel:v-serverscope:ltversion:6.0.33.0

Trust: 1.0

vendor:fuji electricmodel:v-serverscope:ltversion:6.0.33.0

Trust: 0.8

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.9.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.8.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.7.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.6.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.5.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.4.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.32.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.31.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.30.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.3.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.29.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.28.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.27.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.26.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.25.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.24.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.23.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.22.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.21.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.20.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.2.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.19.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.18.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.17.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.16.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.15.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.14.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.13.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.12.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.11.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:eqversion:6.0.10.0

Trust: 0.3

vendor:fujimodel:electric monitouch v-sftscope:neversion:6.0.33.0

Trust: 0.3

sources: BID: 108740 // JVNDB: JVNDB-2019-005462 // NVD: CVE-2019-3947

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3947
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-3947
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201906-558
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-3947
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3947
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2019-3947
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2019-3947 // JVNDB: JVNDB-2019-005462 // CNNVD: CNNVD-201906-558 // NVD: CVE-2019-3947

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype:CWE-255

Trust: 0.8

sources: JVNDB: JVNDB-2019-005462 // NVD: CVE-2019-3947

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-558

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-558

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005462

PATCH
title:V-Serverurl:https://monitouch.fujielectric.com/site/tellus-e/tellus03-01.html
Trust: 0.8
title:Fuji Electric V-Server Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93790
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-005462 // 
            
            
            
            CNNVD: CNNVD-201906-558

EXTERNAL IDS
db:TENABLEid:TRA-2019-27
Trust: 2.8
db:NVDid:CVE-2019-3947
Trust: 2.8
db:BIDid:108740
Trust: 2.0
db:JVNDBid:JVNDB-2019-005462
Trust: 0.8
db:CNNVDid:CNNVD-201906-558
Trust: 0.6
db:VULMONid:CVE-2019-3947
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-3947 // 
            
            
            
            BID: 108740 // 
            
            
            
            JVNDB: JVNDB-2019-005462 // 
            
            
            
            CNNVD: CNNVD-201906-558 // 
            
            
            
            NVD: CVE-2019-3947

REFERENCES
url:https://www.tenable.com/security/research/tra-2019-27
Trust: 2.8
url:http://www.securityfocus.com/bid/108740
Trust: 1.8
url:http://www.fujielectric.com/
Trust: 0.9
url:https://monitouch.fujielectric.com/site/support-e/more-index-t.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3947
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-3947
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/522.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-3947 // 
            
            
            
            BID: 108740 // 
            
            
            
            JVNDB: JVNDB-2019-005462 // 
            
            
            
            CNNVD: CNNVD-201906-558 // 
            
            
            
            NVD: CVE-2019-3947

CREDITS
Tenable
Trust: 0.9
sources:
            
            
            BID: 108740 // 
            
            
            
            CNNVD: CNNVD-201906-558

SOURCES
db:VULMONid:CVE-2019-3947
db:BIDid:108740
db:JVNDBid:JVNDB-2019-005462
db:CNNVDid:CNNVD-201906-558
db:NVDid:CVE-2019-3947

LAST UPDATE DATE
2024-11-23T22:33:54.379000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2019-3947date:2020-08-24T00:00:00
db:BIDid:108740date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-005462date:2019-06-20T00:00:00
db:CNNVDid:CNNVD-201906-558date:2020-08-25T00:00:00
db:NVDid:CVE-2019-3947date:2024-11-21T04:42:55.407

SOURCES RELEASE DATE
db:VULMONid:CVE-2019-3947date:2019-06-12T00:00:00
db:BIDid:108740date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-005462date:2019-06-20T00:00:00
db:CNNVDid:CNNVD-201906-558date:2019-06-12T00:00:00
db:NVDid:CVE-2019-3947date:2019-06-12T15:29:00.910