CVE-2018-19282

{"id": "CVE-2018-19282", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-04-04T21:29:00.660", "references": [{"url": "https://applied-risk.com/application/files/4215/5385/2294/Advisory_AR2019004_Rockwell_Powerflex_525_Denial_of_Service.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-087-01", "tags": ["US Government Resource", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control."}, {"lang": "es", "value": "Los motores de corriente alterna de Rockwell Automation PowerFlex 525, en versiones 5.001 y anteriores, permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un cierre inesperado de la pila de red de del CIP (Common Industrial Protocol). Esta vulnerabilidad permite al atacante cerrar inesperadamente el CIP de manera tal que no acepte nuevas conexiones, sino que mantenga activas las conexiones actuales, lo cual puede impedir a los usuarios recuperar el control."}], "lastModified": "2019-04-09T14:35:02.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:powerflex_525_ac_drives_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D8D4D32-D6DE-414C-9321-DCB1F334DAA9", "versionEndIncluding": "5.001"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:powerflex_525_ac_drives:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA8E8497-2C75-4C2C-ACF6-1C1D79DF4F37"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}