CVE-2019-6533

Published: Feb 12, 2019Modified: Jun 17, 2026

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166).

Affected (1)

Products: Kunbus: Pr100088 Modbus Gateway Firmware

Kunbus

1 product

Pr100088 Modbus Gateway Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kunbus Pr100088 Modbus Gateway Firmware	Before r02

Running on/with	Platform Versions
Kunbus Pr100088 Modbus Gateway	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.