CVE-2019-7670 Information

Description

Prima Systems FlexAir Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component which could allow attackers to execute commands directly on the operating system.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

http://packetstormsecurity.com/files/155271/FlexAir-Access-Control-2.3.38-Remote-Root.html https://applied-risk.com/labs/advisories https://www.applied-risk.com/resources/ar-2019-007 https://www.us-cert.gov/ics/advisories/icsa-19-211-02

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.2