VAR-201905-1150
Vulnerability from variot - Updated: 2024-11-23 22:12Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The attack requires network connectivity to the device and exploits the webserver interface, typically through a browser. Kalki Kalkitech SYNC3000 Substation DCU Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Kalkitech SYNC3000 Substation DCU GPC is a substation data concentrator and communication device. A security vulnerability exists in the Kalkitech SYNC3000 Substation DCU GPC. An attacker could exploit this vulnerability to execute injected client commands or scripts. The following products and versions are affected: Kalkitech SYNC3000 Substation DCU GPC Version 2.22.6, Version 2.23.0, Version 2.24.0, Version 3.0.0, Version 3.1.0, Version 3.1.16, Version 3.2.3, Version 3.2.6 Version, version 3.5.0, version 3.6.0, version 3.6.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1150",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.2.3"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "2.23.0"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.5.0"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.6.0"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "2.22.6"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.1.16"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.6.1"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "2.24.0"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.0.0"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.2.6"
},
{
"model": "sync3000",
"scope": "eq",
"trust": 1.0,
"vendor": "kalkitech",
"version": "3.1.0"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 2.22.6"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 2.23.0"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 2.24.0"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.0.0"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.1.0"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.1.16"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.2.3"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.2.6"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.5.0"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.6.0"
},
{
"model": "sync 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "kalki communication pvt",
"version": "gpc 3.6.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:kalkitech:sync3000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
}
]
},
"cve": "CVE-2019-11536",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-11536",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-143192",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-11536",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11536",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-11536",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-889",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-143192",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-11536",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143192"
},
{
"db": "VULMON",
"id": "CVE-2019-11536"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-889"
},
{
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The attack requires network connectivity to the device and exploits the webserver interface, typically through a browser. Kalki Kalkitech SYNC3000 Substation DCU Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Kalkitech SYNC3000 Substation DCU GPC is a substation data concentrator and communication device. A security vulnerability exists in the Kalkitech SYNC3000 Substation DCU GPC. An attacker could exploit this vulnerability to execute injected client commands or scripts. The following products and versions are affected: Kalkitech SYNC3000 Substation DCU GPC Version 2.22.6, Version 2.23.0, Version 2.24.0, Version 3.0.0, Version 3.1.0, Version 3.1.16, Version 3.2.3, Version 3.2.6 Version, version 3.5.0, version 3.6.0, version 3.6.1",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11536"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "VULHUB",
"id": "VHN-143192"
},
{
"db": "VULMON",
"id": "CVE-2019-11536"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11536",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004822",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-889",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-143192",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-11536",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143192"
},
{
"db": "VULMON",
"id": "CVE-2019-11536"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-889"
},
{
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"id": "VAR-201905-1150",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-143192"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:12:00.909000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CYB/2019/19561",
"trust": 0.8,
"url": "https://www.kalkitech.com/wp-content/uploads/CYB_19561_Advisory.pdf"
},
{
"title": "Cybersecurity",
"trust": 0.8,
"url": "https://www.kalkitech.com/cybersecurity/"
},
{
"title": "Kalki Kalkitech SYNC3000 Substation DCU GPC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92868"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-889"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143192"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.kalkitech.com/cybersecurity/"
},
{
"trust": 1.8,
"url": "https://www.kalkitech.com/wp-content/uploads/cyb_19561_advisory.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11536"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11536"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143192"
},
{
"db": "VULMON",
"id": "CVE-2019-11536"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-889"
},
{
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-143192"
},
{
"db": "VULMON",
"id": "CVE-2019-11536"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-889"
},
{
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-143192"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11536"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-889"
},
{
"date": "2019-05-22T18:29:00.537000",
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-143192"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11536"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004822"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-889"
},
{
"date": "2024-11-21T04:21:17.520000",
"db": "NVD",
"id": "CVE-2019-11536"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-889"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kalki Kalkitech SYNC3000 Substation DCU Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004822"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-889"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…