Details of VAR-201907-0161

ID

VAR-201907-0161

CVE

CVE-2019-7260

TITLE

Linear eMerge E3 Vulnerabilities related to certificate/password management in series devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-006016

DESCRIPTION

Linear eMerge E3-Series devices have Cleartext Credentials in a Database. Linear eMerge E3 series devices contain a vulnerability related to certificate/password management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control, USA. Nortek Security & Control Linear eMerge E3-Series has a trust management issue vulnerability. Attackers can use this vulnerability to obtain clear text passwords and launch further attacks on the system. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 2.25

sources: NVD: CVE-2019-7260 // JVNDB: JVNDB-2019-006016 // CNVD: CNVD-2019-34631 // VULHUB: VHN-158695

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-34631

AFFECTED PRODUCTS

vendor:	nortekcontrol	model:	linear emerge essential	scope:	lte	version:	1.00-06	Trust: 1.0
vendor:	nortekcontrol	model:	linear emerge elite	scope:	lte	version:	1.00-06	Trust: 1.0
vendor:	nortek	model:	linear emerge elite	scope:	-	version:	-	Trust: 0.8
vendor:	nortek	model:	linear emerge essential	scope:	-	version:	-	Trust: 0.8
vendor:	nortek	model:	security&control linear emerge e3-series	scope:	lte	version:	<=1.00-06	Trust: 0.6

sources: CNVD: CNVD-2019-34631 // JVNDB: JVNDB-2019-006016 // NVD: CVE-2019-7260

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-7260
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-7260
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-34631
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201907-103
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-158695
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-7260
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-34631
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-158695
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-7260
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-34631 // VULHUB: VHN-158695 // JVNDB: JVNDB-2019-006016 // CNNVD: CNNVD-201907-103 // NVD: CVE-2019-7260

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	Certificate/password management (CWE-255) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-255	Trust: 0.1

sources: VULHUB: VHN-158695 // JVNDB: JVNDB-2019-006016 // NVD: CVE-2019-7260

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-103

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-103

PATCH

title:

Top Page

url:

https://www.nortekcontrol.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-006016

EXTERNAL IDS

db:	NVD	id:	CVE-2019-7260	Trust: 3.9
db:	ICS CERT	id:	ICSA-24-065-01	Trust: 0.8
db:	JVN	id:	JVNVU96911165	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-006016	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-103	Trust: 0.7
db:	CNVD	id:	CNVD-2019-34631	Trust: 0.6
db:	VULHUB	id:	VHN-158695	Trust: 0.1

sources: CNVD: CNVD-2019-34631 // VULHUB: VHN-158695 // JVNDB: JVNDB-2019-006016 // CNNVD: CNNVD-201907-103 // NVD: CVE-2019-7260

REFERENCES

url:	https://www.applied-risk.com/resources/ar-2019-005	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7260	Trust: 2.0
url:	https://applied-risk.com/labs/advisories	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu96911165/	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01	Trust: 0.8

sources: CNVD: CNVD-2019-34631 // VULHUB: VHN-158695 // JVNDB: JVNDB-2019-006016 // CNNVD: CNNVD-201907-103 // NVD: CVE-2019-7260

SOURCES

db:	CNVD	id:	CNVD-2019-34631
db:	VULHUB	id:	VHN-158695
db:	JVNDB	id:	JVNDB-2019-006016
db:	CNNVD	id:	CNNVD-201907-103
db:	NVD	id:	CVE-2019-7260

LAST UPDATE DATE

2024-08-14T13:55:18.594000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-34631	date:	2019-10-11T00:00:00
db:	VULHUB	id:	VHN-158695	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-006016	date:	2024-03-07T08:19:00
db:	CNNVD	id:	CNNVD-201907-103	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-7260	date:	2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-34631	date:	2019-10-10T00:00:00
db:	VULHUB	id:	VHN-158695	date:	2019-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-006016	date:	2019-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201907-103	date:	2019-07-02T00:00:00
db:	NVD	id:	CVE-2019-7260	date:	2019-07-02T18:15:12.017