Multiple vulnerabilities in Rockwell Automation DataMosaix Private Cloud
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2019-14855 CVE-2019-17543 CVE-2019-18276 CVE-2019-19244 CVE-2019-9893 CVE-2019-9923 |
| CWE-ID | CWE-327 CWE-122 CWE-273 CWE-20 CWE-682 CWE-476 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
DataMosaix Private Cloud Other software / Other software solutions |
| Vendor | Rockwell Automation |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU31993
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14855
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.
MitigationInstall update from vendor's website.
Vulnerable software versionsDataMosaix Private Cloud: 7.07
CPE2.3- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:*:*:*:*:*:*:*:
- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:7.07:*:*:*:*:*:*:
http://www.cisa.gov/news-events/ics-advisories/icsa-24-284-16
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU22494
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-17543
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the LZ4_write32 when performing archiving operation with LZ4_compress_fast. A remote attacker can pass specially crafted input to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDataMosaix Private Cloud: 7.07
CPE2.3- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:*:*:*:*:*:*:*:
- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:7.07:*:*:*:*:*:*:
http://www.cisa.gov/news-events/ics-advisories/icsa-24-284-16
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Check for Dropped Privileges
EUVDB-ID: #VU24690
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-18276
CWE-ID:
CWE-273 - Improper Check for Dropped Privileges
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in "disable_priv_mode()" function in shell.c due to the affected software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. A local user with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsDataMosaix Private Cloud: 7.07
CPE2.3- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:*:*:*:*:*:*:*:
- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:7.07:*:*:*:*:*:*:
http://www.cisa.gov/news-events/ics-advisories/icsa-24-284-16
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Input validation error
EUVDB-ID: #VU23190
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19244
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage in select.c . A remote attacker can crash the affected application using a specially crafted SQL query.
Install update from vendor's website.
Vulnerable software versionsDataMosaix Private Cloud: 7.07
CPE2.3- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:*:*:*:*:*:*:*:
- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:7.07:*:*:*:*:*:*:
http://www.cisa.gov/news-events/ics-advisories/icsa-24-284-16
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Incorrect calculation
EUVDB-ID: #VU18322
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-9893
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists due to incorrect 64-bit syscall argument comparison when using arithmetic operators, such as LT, GT, LE, or GE. A local user can bypass seccomp filters and gain elevated privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDataMosaix Private Cloud: 7.07
CPE2.3- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:*:*:*:*:*:*:*:
- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:7.07:*:*:*:*:*:*:
http://www.cisa.gov/news-events/ics-advisories/icsa-24-284-16
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU18058
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-9923
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in sparse.c in when parsing certain archives that have malformed extended headers. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsDataMosaix Private Cloud: 7.07
CPE2.3- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:*:*:*:*:*:*:*:
- cpe:2.3:a:rockwell_automation:datamosaix_private_cloud:7.07:*:*:*:*:*:*:
http://www.cisa.gov/news-events/ics-advisories/icsa-24-284-16
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
