Sign-up

ID

VAR-202001-0246


CVE

CVE-2019-6529


TITLE

Kunbus PR100088 Modbus Input Validation Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-14074 // CNNVD: CNNVD-201902-569

DESCRIPTION

An attacker could specially craft an FTP request that could crash the PR100088 Modbus gateway versions prior to release R02 (or Software Version 1.1.13166). PR100088 Modbus gateway Contains an input validation vulnerability.Denial of service (DoS) May be in a state. Kunbus PR100088 Modbus is an industrial Ethernet gateway device from German Kunbus company. An input validation error vulnerability exists in versions prior to Kunbus PR100088 Modbus Release R02. The vulnerability stems from a network system or product that did not properly validate the input data. No detailed vulnerability details are provided at this time

Trust: 2.16

sources: NVD: CVE-2019-6529 // JVNDB: JVNDB-2019-013998 // CNVD: CNVD-2020-14074

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14074

AFFECTED PRODUCTS

vendor:kunbusmodel:pr100088 modbus gatewayscope:ltversion:1.1.13166

Trust: 1.0

vendor:kunbusmodel:pr100088 modbus gatewayscope:ltversion:r02

Trust: 0.8

vendor:kunbusmodel:pr100088 modbus <release r02scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-14074 // JVNDB: JVNDB-2019-013998 // NVD: CVE-2019-6529

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6529
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-6529
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-14074
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201902-569
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-6529
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-14074
severity: MEDIUM
baseScore: 6.1
vectorString: AV:N/AC:L/AU:M/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-6529
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-6529
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-14074 // JVNDB: JVNDB-2019-013998 // CNNVD: CNNVD-201902-569 // NVD: CVE-2019-6529

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-013998 // NVD: CVE-2019-6529

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-569

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201902-569

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013998

PATCH
title:Top Pageurl:https://www.kunbus.com/
Trust: 0.8
title:Patch for Kunbus PR100088 Modbus Input Validation Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/205249
Trust: 0.6
title:Kunbus PR100088 Modbus Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89370
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-14074 // 
            
            
            
            JVNDB: JVNDB-2019-013998 // 
            
            
            
            CNNVD: CNNVD-201902-569

EXTERNAL IDS
db:NVDid:CVE-2019-6529
Trust: 3.0
db:ICS CERTid:ICSA-19-036-05
Trust: 2.4
db:AUSCERTid:ESB-2019.0343
Trust: 1.2
db:JVNDBid:JVNDB-2019-013998
Trust: 0.8
db:CNVDid:CNVD-2020-14074
Trust: 0.6
db:CNNVDid:CNNVD-201902-569
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-14074 // 
            
            
            
            JVNDB: JVNDB-2019-013998 // 
            
            
            
            CNNVD: CNNVD-201902-569 // 
            
            
            
            NVD: CVE-2019-6529

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-19-036-05
Trust: 3.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-6529
Trust: 1.4
url:https://www.auscert.org.au/bulletins/75066
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6529
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-14074 // 
            
            
            
            JVNDB: JVNDB-2019-013998 // 
            
            
            
            CNNVD: CNNVD-201902-569 // 
            
            
            
            NVD: CVE-2019-6529

SOURCES
db:CNVDid:CNVD-2020-14074
db:JVNDBid:JVNDB-2019-013998
db:CNNVDid:CNNVD-201902-569
db:NVDid:CVE-2019-6529

LAST UPDATE DATE
2024-11-23T22:16:40.807000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-14074date:2020-02-27T00:00:00
db:JVNDBid:JVNDB-2019-013998date:2020-01-23T00:00:00
db:CNNVDid:CNNVD-201902-569date:2020-01-17T00:00:00
db:NVDid:CVE-2019-6529date:2024-11-21T04:46:38.153

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-14074date:2020-02-27T00:00:00
db:JVNDBid:JVNDB-2019-013998date:2020-01-23T00:00:00
db:CNNVDid:CNNVD-201902-569date:2019-02-05T00:00:00
db:NVDid:CVE-2019-6529date:2020-01-07T21:15:10.540