IronMonkey Threat Research

CVE-2019-18253 CRITICAL

Published: 2019-11-27 | Last Modified: 2024-11-21 | Status: Modified

Description

An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory.

Additional Descriptions (1)

An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1 and earlier) outside the intended directory.

CVSS Metrics

Base Score: 10.0 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 6.0

Base Score: 7.5 (HIGH)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.4

Weaknesses

Source Type Description
[email protected] Secondary CWE-22 (en)
[email protected] Primary CWE-22 (en)

Affected Products

Vendor Product Version Type
hitachienergy relion_670_firmware * Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:*
