A CVSS v3 base score of 10.0 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H). This can cause the device to enter an error state where it ceases all network communications.ĬVE-2019-5077 has been assigned to this vulnerability. 3.2.4 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306Īn attacker can send an unauthenticated packet that will overwrite the MAC address stored persistently on the device. A CVSS v3 base score of 9.8 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.3 BUFFER ACCESS WITH INCORRECT LENGTH VALUE CWE-805ĬVE-2019-5075 has been assigned to this vulnerability. The affected products are vulnerable to a buffer overflow condition due to the lack of input validation, which may allow remote execution of arbitrary code.ĬVE-2019-5074 has been assigned to this vulnerability. 3.2.2 BUFFER ACCESS WITH INCORRECT LENGTH VALUE CWE-805
A CVSS v3 base score of 5.3 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 750-823, 750-832/xxx-xxx, 750-862, 750-890/xxx-xxx, 750-891ģ.2 VULNERABILITY OVERVIEW 3.2.1 INFORMATION EXPOSURE THROUGH SENT DATA CWE-201Ī specially crafted packet could cause the server to send back packets containing data from the stack.ĬVE-2019-5073 has been assigned to this vulnerability.The following versions of I/O-CHECK software are affected by the listed vulnerabilities: Successful exploitation of these vulnerabilities could allow an attacker to change settings, delete the application, run remote code, cause a system crash, cause a denial-of-service condition, revert to factory settings, and overwrite MAC addresses. Vulnerabilities: Information Exposure Through Sent Data, Buffer Access with Incorrect Length Value, Missing Authentication for Critical Function, Classic Buffer Overflow.Equipment: I/O-CHECK Series PFC100 and Series PFC200.ATTENTION: Exploitable remotely/low skill level to exploit.
0 kommentar(er)
