CVE-2019-6542

Published: Mar 28, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition.

Affected (3)

Products: Enttec: Datagate Mk2 Firmware, Storm 24 Firmware, Pixelator Firmware

Enttec

3 products

Datagate Mk2 Firmware

Storm 24 Firmware

Pixelator Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Enttec Datagate Mk2 Firmware	Before 70044_update_05032019-482

Running on/with	Platform Versions
Enttec Datagate Mk2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Enttec Storm 24 Firmware	Before 70050_update_05032019-482

Running on/with	Platform Versions
Enttec Storm 24	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Enttec Pixelator Firmware	Before 70060_update_05032019-482

Running on/with	Platform Versions
Enttec Pixelator	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://ics-cert.us-cert.gov/advisories/ICSA-19-085-03-0

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-19-085-03-0

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.