CVE-2019-6527

Published: Feb 12, 2019Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted.

Affected (1)

Products: Kunbus: Pr100088 Modbus Gateway Firmware

Kunbus

1 product

Pr100088 Modbus Gateway Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kunbus Pr100088 Modbus Gateway Firmware	Before r02

Running on/with	Platform Versions
Kunbus Pr100088 Modbus Gateway	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.