CVE-2019-7672 Information

Description

Prima Systems FlexAir Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password which may allow an authenticated attacker to escalate privileges.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://applied-risk.com/index.php/download_file/view/199/165 https://applied-risk.com/labs/advisories https://applied-risk.com/resources/ar-2019-007 https://www.us-cert.gov/ics/advisories/icsa-19-211-02

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8