CVE-2019-13524

Published: Jan 16, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.

Affected (9)

Products: Emerson: Rx3i Cpe100 Firmware, Rx3i Cpe115 Firmware, Rx3i Cpe302 Firmware, Rx3i Cpe305 Firmware, Rx3i Cpe310 Firmware, Rx3i Cru320 Firmware, Rx3i Cpe330 Firmware, Rx3i Cpe400 Firmware, Rx3i Cpl410 Firmware

9 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Emerson Rx3i Cpe100 Firmware	Before r9.85

Running on/with	Platform Versions
Emerson Rx3i Cpe100	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Emerson Rx3i Cpe115 Firmware	Before r9.85

Running on/with	Platform Versions
Emerson Rx3i Cpe115	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Emerson Rx3i Cpe302 Firmware	Before r9.90

Running on/with	Platform Versions
Emerson Rx3i Cpe302	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Emerson Rx3i Cpe305 Firmware	Before r9.90

Running on/with	Platform Versions
Emerson Rx3i Cpe305	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Emerson Rx3i Cpe310 Firmware	Before r9.90

Running on/with	Platform Versions
Emerson Rx3i Cpe310	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Emerson Rx3i Cru320 Firmware	All versions

Running on/with	Platform Versions
Emerson Rx3i Cru320	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Emerson Rx3i Cpe330 Firmware	Before r9.90

Running on/with	Platform Versions
Emerson Rx3i Cpe330	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Emerson Rx3i Cpe400 Firmware	Before r9.90

Running on/with	Platform Versions
Emerson Rx3i Cpe400	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Emerson Rx3i Cpl410 Firmware	Before r9.90

Running on/with	Platform Versions
Emerson Rx3i Cpl410	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.us-cert.gov/ics/advisories/icsa-20-014-01

Source: ics-cert@hq.dhs.gov

PatchThird Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsa-20-014-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

Timeline

No history available yet.