Search criteria
1 vulnerability found for sync3000 by kalkitech
VAR-201905-1150
Vulnerability from variot - Updated: 2024-11-23 22:12Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The attack requires network connectivity to the device and exploits the webserver interface, typically through a browser. Kalki Kalkitech SYNC3000 Substation DCU Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Kalkitech SYNC3000 Substation DCU GPC is a substation data concentrator and communication device. A security vulnerability exists in the Kalkitech SYNC3000 Substation DCU GPC. An attacker could exploit this vulnerability to execute injected client commands or scripts. The following products and versions are affected: Kalkitech SYNC3000 Substation DCU GPC Version 2.22.6, Version 2.23.0, Version 2.24.0, Version 3.0.0, Version 3.1.0, Version 3.1.16, Version 3.2.3, Version 3.2.6 Version, version 3.5.0, version 3.6.0, version 3.6.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1150",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.2.3"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "2.23.0"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.5.0"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.6.0"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "2.22.6"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.1.16"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.6.1"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "2.24.0"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.0.0"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.2.6"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.1.0"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 2.22.6"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 2.23.0"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 2.24.0"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.0.0"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.1.0"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.1.16"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.2.3"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.2.6"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.5.0"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.6.0"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.6.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:kalkitech:sync3000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
}
]
},
"cve": "CVE-2019-11536",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-11536",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-143192",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-11536",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11536",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-11536",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-889",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-143192",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-11536",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143192"
},
{
"db": "VULMON",
"id": "CVE-2019-11536"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-889"
},
{
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The attack requires network connectivity to the device and exploits the webserver interface, typically through a browser. Kalki Kalkitech SYNC3000 Substation DCU Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Kalkitech SYNC3000 Substation DCU GPC is a substation data concentrator and communication device. A security vulnerability exists in the Kalkitech SYNC3000 Substation DCU GPC. An attacker could exploit this vulnerability to execute injected client commands or scripts. The following products and versions are affected: Kalkitech SYNC3000 Substation DCU GPC Version 2.22.6, Version 2.23.0, Version 2.24.0, Version 3.0.0, Version 3.1.0, Version 3.1.16, Version 3.2.3, Version 3.2.6 Version, version 3.5.0, version 3.6.0, version 3.6.1",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11536"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "VULHUB",
"id": "VHN-143192"
},
{
"db": "VULMON",
"id": "CVE-2019-11536"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11536",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004822",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-889",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-143192",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-11536",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143192"
},
{
"db": "VULMON",
"id": "CVE-2019-11536"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-889"
},
{
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"id": "VAR-201905-1150",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-143192"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:12:00.909000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CYB/2019/19561",
"trust": 0.8,
"url": "https://www.kalkitech.com/wp-content/uploads/CYB_19561_Advisory.pdf"
},
{
"title": "Cybersecurity",
"trust": 0.8,
"url": "https://www.kalkitech.com/cybersecurity/"
},
{
"title": "Kalki Kalkitech SYNC3000 Substation DCU GPC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92868"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-889"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143192"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.kalkitech.com/cybersecurity/"
},
{
"trust": 1.8,
"url": "https://www.kalkitech.com/wp-content/uploads/cyb_19561_advisory.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11536"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11536"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143192"
},
{
"db": "VULMON",
"id": "CVE-2019-11536"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-889"
},
{
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-143192"
},
{
"db": "VULMON",
"id": "CVE-2019-11536"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-889"
},
{
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-143192"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11536"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-889"
},
{
"date": "2019-05-22T18:29:00.537000",
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-143192"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11536"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-889"
},
{
"date": "2024-11-21T04:21:17.520000",
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-889"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kalki Kalkitech SYNC3000 Substation DCU Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-889"
}
],
"trust": 0.6
}
}