ID
VAR-201909-0994
CVE
CVE-2019-13528
TITLE
Niagara AX and Niagara Authentication vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2019-009666
DESCRIPTION
A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10). Niagara AX and Niagara Contains an authentication vulnerability.Information may be obtained
Trust: 1.62
sources:
NVD: CVE-2019-13528 //
JVNDB: JVNDB-2019-009666
AFFECTED PRODUCTS
| vendor: | tridium | model: | niagara4 | scope: | eq | version: | 4.4u3 | Trust: 1.0 |
| vendor: | tridium | model: | niagara ax | scope: | eq | version: | 3.8u4 | Trust: 1.0 |
| vendor: | tridium | model: | niagara4 | scope: | eq | version: | 4.7u1 | Trust: 1.0 |
| vendor: | tridium | model: | niagara | scope: | eq | version: | 4.4u3 | Trust: 0.8 |
| vendor: | tridium | model: | niagara | scope: | eq | version: | 4.7u1 | Trust: 0.8 |
| vendor: | tridium | model: | niagara ax framework | scope: | eq | version: | 3.8u4 | Trust: 0.8 |
sources:
JVNDB: JVNDB-2019-009666 //
NVD: CVE-2019-13528
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
JVNDB: JVNDB-2019-009666 //
CNNVD: CNNVD-201909-963 //
NVD: CVE-2019-13528
PROBLEMTYPE DATA
| problemtype: | CWE-285 | Trust: 1.0 |
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | CWE-287 | Trust: 0.8 |
sources:
JVNDB: JVNDB-2019-009666 //
NVD: CVE-2019-13528
THREAT TYPE
local
Trust: 0.6
sources:
CNNVD: CNNVD-201909-963
TYPE
authorization issue
Trust: 0.6
sources:
CNNVD: CNNVD-201909-963
CONFIGURATIONS
sources:
JVNDB: JVNDB-2019-009666
PATCH
| title: | Top Page | url: | https://www.tridium.com/ | Trust: 0.8 |
| title: | ARC , Niagara AX and Niagara Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98449 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2019-009666 //
CNNVD: CNNVD-201909-963
EXTERNAL IDS
| db: | ICS CERT | id: | ICSA-19-262-01 | Trust: 2.4 |
| db: | NVD | id: | CVE-2019-13528 | Trust: 2.4 |
| db: | JVNDB | id: | JVNDB-2019-009666 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2019.3561 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201909-963 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2019-009666 //
CNNVD: CNNVD-201909-963 //
NVD: CVE-2019-13528
REFERENCES
| url: | https://www.us-cert.gov/ics/advisories/icsa-19-262-01 | Trust: 2.4 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-13528 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13528 | Trust: 0.8 |
| url: | https://www.auscert.org.au/bulletins/esb-2019.3561/ | Trust: 0.6 |
sources:
JVNDB: JVNDB-2019-009666 //
CNNVD: CNNVD-201909-963 //
NVD: CVE-2019-13528
SOURCES
| db: | JVNDB | id: | JVNDB-2019-009666 |
| db: | CNNVD | id: | CNNVD-201909-963 |
| db: | NVD | id: | CVE-2019-13528 |
LAST UPDATE DATE
2024-11-23T21:59:41.229000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2019-009666 | date: | 2019-09-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201909-963 | date: | 2020-10-21T00:00:00 |
| db: | NVD | id: | CVE-2019-13528 | date: | 2024-11-21T04:25:04.960 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2019-009666 | date: | 2019-09-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201909-963 | date: | 2019-09-20T00:00:00 |
| db: | NVD | id: | CVE-2019-13528 | date: | 2019-09-24T22:15:13.013 |