CVE-2019-13524: Input Validation
First published: Thu Jan 16 2020(Updated: )
GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Emerson Rx3i Cpe100 Firmware | <r9.85 | |
| Emerson Rx3i Cpe100 | ||
| Emerson Rx3i Cpe115 Firmware | <r9.85 | |
| Emerson Rx3i Cpe115 | ||
| Emerson Rx3i Cpe302 Firmware | <r9.90 | |
| Emerson Rx3i Cpe302 | ||
| Emerson Rx3i Cpe305 Firmware | <r9.90 | |
| Emerson Rx3i Cpe305 | ||
| Emerson Rx3i Cpe310 Firmware | <r9.90 | |
| Emerson Rx3i Cpe310 | ||
| Emerson Rx3i Cru320 Firmware | ||
| Emerson Rx3i Cru320 | ||
| Emerson Rx3i Cpe330 Firmware | <r9.90 | |
| Emerson Rx3i Cpe330 | ||
| Emerson Rx3i Cpe400 Firmware | <r9.90 | |
| Emerson Rx3i Cpe400 | ||
| Emerson Rx3i Cpl410 Firmware | <r9.90 | |
| Emerson Rx3i Cpl410 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this GE PACSystems vulnerability?
The vulnerability ID for this GE PACSystems vulnerability is CVE-2019-13524.
What is the severity of CVE-2019-13524?
The severity of CVE-2019-13524 is high with a CVSS score of 7.5.
Which versions of GE PACSystems RX3i CPE100/115 are affected?
All versions prior to R9.85 of GE PACSystems RX3i CPE100/115 are affected.
Which versions of GE PACSystems CPE302/305/310/330/400/410 are affected?
All versions prior to R9.90 of GE PACSystems CPE302/305/310/330/400/410 are affected.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/emerson
- canonical/emerson rx3i cpe100 firmware
- canonical/emerson rx3i cpe100
- canonical/emerson rx3i cpe115 firmware
- canonical/emerson rx3i cpe115
- canonical/emerson rx3i cpe302 firmware
- canonical/emerson rx3i cpe302
- canonical/emerson rx3i cpe305 firmware
- canonical/emerson rx3i cpe305
- canonical/emerson rx3i cpe310 firmware
- canonical/emerson rx3i cpe310
- canonical/emerson rx3i cru320 firmware
- canonical/emerson rx3i cru320
- canonical/emerson rx3i cpe330 firmware
- canonical/emerson rx3i cpe330
- canonical/emerson rx3i cpe400 firmware
- canonical/emerson rx3i cpe400
- canonical/emerson rx3i cpl410 firmware
- canonical/emerson rx3i cpl410