#VU17392 Improper input validation in PR100088 Modbus gateway - CVE-2019-6529

Cybersecurity Help s.r.o.

Published: 2019-02-06

Vulnerability identifier: #VU17392

Vulnerability risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-6529

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PR100088 Modbus gateway
Hardware solutions / Firmware

Vendor: Kunbus

Description

The vulnerability allows a remote high-privileged attacker to cause DoS condition.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can supply a specially crafted FTP request and crash the device.

Mitigation
Update to version R02.

Vulnerable software versions

PR100088 Modbus gateway: before R02

External links
https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Kunbus PR100088 Modbus Gateway