Improper authentication in PR100088 Modbus gateway - CVE-2019-6527

 


Published: February 5, 2019 / Updated: February 6, 2019


Vulnerability identifier: #VU17390
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-6527
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Kunbus
Affected software: PR100088 Modbus gateway

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to improper authentication. A remote attacker can bypass authentication and change the password for an admin user who is currently or previously logged in, provided the device has not been restarted.


How to mitigate CVE-2019-6527

Update to version R02.
