CVE-2019-19885
 
- Severity Score: 9.1 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0.
*Credits:
N/A
Timeline
- 2019-12-18 CVE Reserved
- 2020-10-16 CVE Published
- 2024-08-05 CVE Updated
- 2024-12-17 EPSS Updated
CWE
- CWE-862: Missing Authorization
References (1)
URL | Tag | Source |
---|---|---|
https://cert.vde.com/en-us/advisories/vde-2020-043 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Bender | Com465ip Firmware | < 4.2.0 | - | Affected | in | Bender | Com465ip | - | - | Safe |
Bender | Com465dp Firmware | < 4.2.0 | - | Affected | in | Bender | Com465dp | - | - | Safe |
Bender | Com465id Firmware | < 4.2.0 | - | Affected | in | Bender | Com465id | - | - | Safe |
Bender | Cp700 Firmware | < 4.2.0 | - | Affected | in | Bender | Cp700 | - | - | Safe |
Bender | Cp907 Firmware | < 4.2.0 | - | Affected | in | Bender | Cp907 | - | - | Safe |
Bender | Cp915 Firmware | < 4.2.0 | - | Affected | in | Bender | Cp915 | - | - | Safe |