Details of VAR-201909-0528

ID

VAR-201909-0528

CVE

CVE-2019-14753

TITLE

SICK FX0-GPNT00000 and FX0-GENT00000 Classic buffer overflow vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-009640

DESCRIPTION

SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow. SICK FX0-GPNT00000 and FX0-GENT00000 The device contains a classic buffer overflow vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Sick FX0-GPNT00000 and FX0-GENT00000 are both safety control modules with built-in Ethernet switches from Sick, Germany. A buffer error vulnerability exists in SICK FX0-GPNT00000 and FX0-GENT00000 versions 3.4.0 and earlier. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations

Trust: 1.71

sources: NVD: CVE-2019-14753 // JVNDB: JVNDB-2019-009640 // VULHUB: VHN-146731

AFFECTED PRODUCTS

vendor:	sick	model:	fx0-gent00000	scope:	lte	version:	3.4.0	Trust: 1.8
vendor:	sick	model:	fx0-gpnt00000	scope:	lte	version:	3.4.0	Trust: 1.8
vendor:	sick	model:	fx0-gpnt00000	scope:	eq	version:	-	Trust: 0.6
vendor:	sick	model:	fx0-gent00000	scope:	eq	version:	-	Trust: 0.6

sources: JVNDB: JVNDB-2019-009640 // CNNVD: CNNVD-201909-1086 // NVD: CVE-2019-14753

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14753
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-14753
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201909-1086
value:	HIGH
Trust: 0.6
VULHUB:	VHN-146731
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-14753
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-146731
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-14753
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-14753
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-146731 // JVNDB: JVNDB-2019-009640 // CNNVD: CNNVD-201909-1086 // NVD: CVE-2019-14753

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.9

sources: VULHUB: VHN-146731 // JVNDB: JVNDB-2019-009640 // NVD: CVE-2019-14753

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1086

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201909-1086

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009640

PATCH

title:	SICK Product Security Incident Response Team (SICK PSIRT)	url:	https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories	Trust: 0.8
title:	SCA-2019-0002	url:	https://www.sick.com/medias/SCA-2019-002.pdf?context=bWFzdGVyfGNvbnRlbnR8MjE5MDk1fGFwcGxpY2F0aW9uL3BkZnxjb250ZW50L2g3Yy9oNDEvMTAzMDY0NjAzNTI1NDIucGRmfDJlZTVmZjJmYzYwYmQ1ODQyZDBmMjA0OTc3ZDBjMmY1YzZkYzUzNzI0MWI0OGIyOTE0OTllY2VlYjJhNzUzYTE	Trust: 0.8

sources: JVNDB: JVNDB-2019-009640

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14753	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-009640	Trust: 0.8
db:	CNNVD	id:	CNNVD-201909-1086	Trust: 0.7
db:	VULHUB	id:	VHN-146731	Trust: 0.1

sources: VULHUB: VHN-146731 // JVNDB: JVNDB-2019-009640 // CNNVD: CNNVD-201909-1086 // NVD: CVE-2019-14753

REFERENCES

url:	https://www.sick.com/medias/sca-2019-002.pdf?context=bwfzdgvyfgnvbnrlbnr8mje5mdk1fgfwcgxpy2f0aw9ul3bkznxjb250zw50l2g3yy9ondevmtazmdy0njaznti1ndiucgrmfdjlztvmzjjmyzywymq1odqyzdbmmja0otc3zdbjmmy1yzzkyzuznzi0mwi0ogiyote0otlly2vlyjjhnzuzyte	Trust: 1.7
url:	https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14753	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14753	Trust: 0.8

sources: VULHUB: VHN-146731 // JVNDB: JVNDB-2019-009640 // CNNVD: CNNVD-201909-1086 // NVD: CVE-2019-14753

SOURCES

db:	VULHUB	id:	VHN-146731
db:	JVNDB	id:	JVNDB-2019-009640
db:	CNNVD	id:	CNNVD-201909-1086
db:	NVD	id:	CVE-2019-14753

LAST UPDATE DATE

2024-11-23T23:08:15.863000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-146731	date:	2019-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-009640	date:	2019-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201909-1086	date:	2019-09-30T00:00:00
db:	NVD	id:	CVE-2019-14753	date:	2024-11-21T04:27:16.543

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-146731	date:	2019-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-009640	date:	2019-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201909-1086	date:	2019-09-24T00:00:00
db:	NVD	id:	CVE-2019-14753	date:	2019-09-24T17:15:13.880