CVE-2019-6543

{"id": "CVE-2019-6543", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-02-13T01:29:00.333", "references": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.exploit-db.com/exploits/46342/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.tenable.com/security/research/tra-2019-04", "tags": ["Third Party Advisory"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine."}, {"lang": "es", "value": "InduSoft Web Studio, en versiones anteriores a la 8.1 SP3 e InTouch Edge HMI (anteriormente conocido como InTouch Machine Edition), en versiones anteriores a la 2017 Update, de AVEVA Software, LLC. Se ejecuta c\u00f3digo con los privilegios en tiempo de ejecuci\u00f3n del programa, lo que podr\u00eda conducir al compromiso de la m\u00e1quina."}], "lastModified": "2022-11-30T22:23:06.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:6.1:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C7C2429-3A6B-4552-B12D-CBA00563907D"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:6.1:sp6_p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05020B8D-DB30-4BDA-9BD3-0C7C4804859B"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55E9450D-F600-4DC6-8C72-8D79974B6802"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2CB5BAC-BFCE-41C2-A25C-3E6CB218FBD6"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBFEECD4-C454-4A47-9B81-91699C325DC3"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A62CC412-F399-40B7-8000-A4A707F7F6F1"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "127CC5C8-822A-4630-813E-5AE39BEBD5A2"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D90DF6B-B281-48D3-8672-25294990E611"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8721C8BE-1946-4030-B056-67A6B42BCDCA"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C07C446B-6125-46D7-BDC4-11849BA6A72D"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D4A9403-5D1E-464F-8B40-D554F4A7C3AE"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDFC8512-2971-48C3-9576-0FA74B59406B"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2991440-E8EB-4AB1-A861-2A263C443DEF"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23DA9BCB-F9BD-4F9F-A77E-95210C270539"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:7.1:sp3_p9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD1C359C-61FA-4E5F-81CA-991BCB8CD9A8"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D07A836A-535F-437E-BD25-1D833BD63327"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAD4BA73-691D-4E12-936C-7B0F0A0AFF0F"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D515729F-9316-470F-8D18-34B674E8F5D4"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "542A2064-3D3D-4EF0-AEF5-3D8C45BD8CA6"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C282BFD-02D9-4F80-BBD9-B84B0703D07A"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp1_p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92E5DA1B-459C-44B2-9E0B-2B88C985DA98"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "186D0227-8791-44E0-8B80-2AE0427B69D7"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.0:sp2_p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDA36D8C-6CE2-4C5B-A4E2-68031D97516D"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7B550C6-160F-480D-8B70-92C6D236C3EA"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C809DC5-73DC-4E00-ABAB-558844CE2103"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC7F3AAD-E423-4CA2-BB78-AC7B081338D3"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:sp1_p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "870D0F41-F2CE-4693-8815-5527A6E5ECD9"}, {"criteria": "cpe:2.3:a:aveva:indusoft_web_studio:8.1:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBA02828-7756-4F12-9F3A-DBBD20AFEAF7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aveva:intouch_machine_edition_2014:r2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67AB4CF8-A2C6-4B0D-87EB-62617943F705"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}