CVE-2019-18253
Severity Score
10.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory.
Un atacante podría utilizar rutas especialmente diseñadas en una petición específica para leer o eliminar archivos desde Relion 670 Series (versiones 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1 y anteriores) fuera del directorio previsto.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-10-22 CVE Reserved
- 2019-11-27 CVE Published
- 2023-07-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-330-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hitachienergy Search vendor "Hitachienergy" | Relion 670 Firmware Search vendor "Hitachienergy" for product "Relion 670 Firmware" | < 1p1r26 Search vendor "Hitachienergy" for product "Relion 670 Firmware" and version " < 1p1r26" | - |
Affected
| in | Hitachienergy Search vendor "Hitachienergy" | Relion 670 Search vendor "Hitachienergy" for product "Relion 670" | - | - |
Safe
|
| Hitachienergy Search vendor "Hitachienergy" | Relion 670 Firmware Search vendor "Hitachienergy" for product "Relion 670 Firmware" | >= 1.2 < 1.2.3.17 Search vendor "Hitachienergy" for product "Relion 670 Firmware" and version " >= 1.2 < 1.2.3.17" | - |
Affected
| in | Hitachienergy Search vendor "Hitachienergy" | Relion 670 Search vendor "Hitachienergy" for product "Relion 670" | - | - |
Safe
|
| Hitachienergy Search vendor "Hitachienergy" | Relion 670 Firmware Search vendor "Hitachienergy" for product "Relion 670 Firmware" | >= 2.0 < 2.0.0.10 Search vendor "Hitachienergy" for product "Relion 670 Firmware" and version " >= 2.0 < 2.0.0.10" | - |
Affected
| in | Hitachienergy Search vendor "Hitachienergy" | Relion 670 Search vendor "Hitachienergy" for product "Relion 670" | - | - |
Safe
|
| Hitachienergy Search vendor "Hitachienergy" | Relion 670 Firmware Search vendor "Hitachienergy" for product "Relion 670 Firmware" | >= 2.1 < 2.1.0.1 Search vendor "Hitachienergy" for product "Relion 670 Firmware" and version " >= 2.1 < 2.1.0.1" | - |
Affected
| in | Hitachienergy Search vendor "Hitachienergy" | Relion 670 Search vendor "Hitachienergy" for product "Relion 670" | - | - |
Safe
|