Sign-up

ID

VAR-201908-0259


CVE

CVE-2019-9585


TITLE

eQ-3 Homematic CCU2 and CCU3 Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008363

DESCRIPTION

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of Metadata. eQ-3 Homematic CCU2 and CCU3 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. eQ-3 Homematic CCU3 and eQ-3 HomeMatic CCU2 are the central control units of a smart home system from German eQ-3 company. Attackers can use this vulnerability to read, set, and delete metadata

Trust: 2.16

sources: NVD: CVE-2019-9585 // JVNDB: JVNDB-2019-008363 // CNVD: CNVD-2019-44786

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-44786

AFFECTED PRODUCTS

vendor:eq 3model:homematic ccu2scope:ltversion:2.47.10

Trust: 1.0

vendor:eq 3model:homematic ccu3scope:ltversion:3.47.10

Trust: 1.0

vendor:eq 3model:ccu2scope:ltversion:2.47.10

Trust: 0.8

vendor:eq 3model:ccu3scope:ltversion:3.47.10

Trust: 0.8

vendor:eq 3model:eq-3 homematic ccu2scope:ltversion:2.47.10

Trust: 0.6

vendor:eq 3model:eq-3 homematic ccu3scope:ltversion:3.47.10

Trust: 0.6

sources: CNVD: CNVD-2019-44786 // JVNDB: JVNDB-2019-008363 // NVD: CVE-2019-9585

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9585
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-9585
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-44786
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201908-1090
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-9585
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-44786
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-9585
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-44786 // JVNDB: JVNDB-2019-008363 // CNNVD: CNNVD-201908-1090 // NVD: CVE-2019-9585

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2019-008363 // NVD: CVE-2019-9585

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1090

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201908-1090

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008363

PATCH
title:Top Pageurl:https://www.eq-3.com/
Trust: 0.8
title:Patch for eQ-3 HomeMatic CCU2 and eQ-3 Homematic CCU3 Access Control Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/193777
Trust: 0.6
title:eQ-3 HomeMatic CCU2  and eQ-3 Homematic CCU3 Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96757
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-44786 // 
            
            
            
            JVNDB: JVNDB-2019-008363 // 
            
            
            
            CNNVD: CNNVD-201908-1090

EXTERNAL IDS
db:NVDid:CVE-2019-9585
Trust: 3.0
db:JVNDBid:JVNDB-2019-008363
Trust: 0.8
db:CNVDid:CNVD-2019-44786
Trust: 0.6
db:CNNVDid:CNNVD-201908-1090
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-44786 // 
            
            
            
            JVNDB: JVNDB-2019-008363 // 
            
            
            
            CNNVD: CNNVD-201908-1090 // 
            
            
            
            NVD: CVE-2019-9585

REFERENCES
url:https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/cves/2019-03-27-cve-2019-9585.md
Trust: 3.0
url:https://psytester.github.io/cve-2019-9585/
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-9585
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9585
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-44786 // 
            
            
            
            JVNDB: JVNDB-2019-008363 // 
            
            
            
            CNNVD: CNNVD-201908-1090 // 
            
            
            
            NVD: CVE-2019-9585

SOURCES
db:CNVDid:CNVD-2019-44786
db:JVNDBid:JVNDB-2019-008363
db:CNNVDid:CNNVD-201908-1090
db:NVDid:CVE-2019-9585

LAST UPDATE DATE
2024-11-23T23:04:44.204000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-44786date:2019-12-11T00:00:00
db:JVNDBid:JVNDB-2019-008363date:2019-08-29T00:00:00
db:CNNVDid:CNNVD-201908-1090date:2020-08-25T00:00:00
db:NVDid:CVE-2019-9585date:2024-11-21T04:51:54.477

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-44786date:2019-12-11T00:00:00
db:JVNDBid:JVNDB-2019-008363date:2019-08-29T00:00:00
db:CNNVDid:CNNVD-201908-1090date:2019-08-14T00:00:00
db:NVDid:CVE-2019-9585date:2019-08-14T21:15:19.347