Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2019-8998 CVE-2019-13528 |
CWE-ID | CWE-200 CWE-285 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Niagara 4 Framework (Universal components / Libraries / Scripting languages), Niagara AX Framework (Universal components / Libraries / Scripting languages) |
Vendor | Tridium |
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU21230
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2019-8998
CWE-ID:
CWE-200 - Information Exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists because the QNX procfs service provides access to various process information and assets. A local authenticated user can gain unauthorized access to a target address space.
Mitigation
Contact vendor for available updates on support channel.
Niagara 4 Framework: 4.4.73.38.1 - 4.7.109.16.1
Niagara AX Framework: 2.7.402.2
EUVDB-ID: #VU21231
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2019-13528
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
Description
Contact vendor for available updates on support channel.
Niagara 4 Framework: 4.4.73.38.1 - 4.7.109.16.1
Niagara AX Framework: 2.7.402.2
http://ics-cert.us-cert.gov/advisories/icsa-19-262-01
http://www.tridium.com/~/media/tridium/library/documents/collateral/technical%20bulletins/qnx_vulne...