VAR-201907-1438
Vulnerability from variot - Updated: 2024-11-23 22:25

In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. GE Aestiva and Aespire contain an authentication vulnerability. Information may be tampered with. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-1438",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aestiva 7100",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": null
},
{
"model": "aespire 7100",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": null
},
{
"model": "aestiva 7900",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": null
},
{
"model": "aespire 7900",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": null
},
{
"model": "aespire 7100",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "aespire 7900",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "aestiva 7100",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "aestiva 7900",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "aestiva",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "7900"
},
{
"model": "aestiva",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "7100"
},
{
"model": "aespire",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "7900"
},
{
"model": "aespire",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "7100"
}
],
"sources": [
{
"db": "BID",
"id": "109102"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006520"
},
{
"db": "NVD",
"id": "CVE-2019-10966"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ge:aespire_7100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:aespire_7900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:aestiva_7100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:aestiva_7900_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006520"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Elad Luz of CyberMDX",
"sources": [
{
"db": "BID",
"id": "109102"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-532"
}
],
"trust": 0.9
},
"cve": "CVE-2019-10966",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-10966",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-142565",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-10966",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10966",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10966",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-10966",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-532",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-142565",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142565"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006520"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-532"
},
{
"db": "NVD",
"id": "CVE-2019-10966"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. GE Aestiva and Aespire contain an authentication vulnerability. Information may be tampered with. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10966"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006520"
},
{
"db": "BID",
"id": "109102"
},
{
"db": "VULHUB",
"id": "VHN-142565"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10966",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSMA-19-190-01",
"trust": 2.8
},
{
"db": "BID",
"id": "109102",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006520",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-532",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2526",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-142565",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142565"
},
{
"db": "BID",
"id": "109102"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006520"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-532"
},
{
"db": "NVD",
"id": "CVE-2019-10966"
}
]
},
"id": "VAR-201907-1438",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142565"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:25:53.387000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.ge.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006520"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142565"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006520"
},
{
"db": "NVD",
"id": "CVE-2019-10966"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-190-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/109102"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10966"
},
{
"trust": 0.9,
"url": "http://www.ge-ip.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10966"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2526/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142565"
},
{
"db": "BID",
"id": "109102"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006520"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-532"
},
{
"db": "NVD",
"id": "CVE-2019-10966"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142565"
},
{
"db": "BID",
"id": "109102"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006520"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-532"
},
{
"db": "NVD",
"id": "CVE-2019-10966"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-10T00:00:00",
"db": "VULHUB",
"id": "VHN-142565"
},
{
"date": "2019-07-09T00:00:00",
"db": "BID",
"id": "109102"
},
{
"date": "2019-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006520"
},
{
"date": "2019-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-532"
},
{
"date": "2019-07-10T18:15:10.817000",
"db": "NVD",
"id": "CVE-2019-10966"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-142565"
},
{
"date": "2019-07-09T00:00:00",
"db": "BID",
"id": "109102"
},
{
"date": "2019-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006520"
},
{
"date": "2019-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-532"
},
{
"date": "2024-11-21T04:20:15.650000",
"db": "NVD",
"id": "CVE-2019-10966"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-532"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Aestiva and Aespire Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006520"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-532"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.