Main Vulnerability Database Vulnerabilities #VU17802

#VU17802 Authentication bypass in Allen-Bradley PowerMonitor 1000 - CVE-2019-19616

Published: February 20, 2019

Vulnerability identifier: #VU17802

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-19616

CWE-ID: CWE-288

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Allen-Bradley PowerMonitor 1000

Software vendor:
Rockwell Automation

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to authentication bypass using an alternate path or channel. A remote attacker can use a proxy to enable functionality that is typically available to those with administrative rights for the web application, bypass authentication and disrupt user settings and device configuration.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04

#VU17802 Authentication bypass in Allen-Bradley PowerMonitor 1000 - CVE-2019-19616

Description

Remediation

External links

Please verify you're human