Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-13524

GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.

Published

2020-01-16T18:15:11.463

Last Modified

2024-11-21T04:25:04.417

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

6.9

Weaknesses
  • Type: Secondary
    CWE-20
  • Type: Primary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System emerson rx3i_cpe100_firmware < r9.85 Yes
Hardware emerson rx3i_cpe100 - No
Operating System emerson rx3i_cpe115_firmware < r9.85 Yes
Hardware emerson rx3i_cpe115 - No
Operating System emerson rx3i_cpe302_firmware < r9.90 Yes
Hardware emerson rx3i_cpe302 - No
Operating System emerson rx3i_cpe305_firmware < r9.90 Yes
Hardware emerson rx3i_cpe305 - No
Operating System emerson rx3i_cpe310_firmware < r9.90 Yes
Hardware emerson rx3i_cpe310 - No
Operating System emerson rx3i_cru320_firmware * Yes
Hardware emerson rx3i_cru320 - No
Operating System emerson rx3i_cpe330_firmware < r9.90 Yes
Hardware emerson rx3i_cpe330 - No
Operating System emerson rx3i_cpe400_firmware < r9.90 Yes
Hardware emerson rx3i_cpe400 - No
Operating System emerson rx3i_cpl410_firmware < r9.90 Yes
Hardware emerson rx3i_cpl410 - No
References