CVE-2019-11536
Last modified
CVE-2019-11536 is a vulnerability of currently unknown severity. Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The attack requires network connectivity to the device and exploits the webserver interface, typically through a browser.. EPSS estimates a 1.90% chance of exploitation in the next 30 days.
Description
Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The attack requires network connectivity to the device and exploits the webserver interface, typically through a browser.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kalkitech | Sync3000 Firmware | 2.22.6 |
| Kalkitech | Sync3000 Firmware | 2.23.0 |
| Kalkitech | Sync3000 Firmware | 2.24.0 |
| Kalkitech | Sync3000 Firmware | 3.0.0 |
| Kalkitech | Sync3000 Firmware | 3.1.0 |
| Kalkitech | Sync3000 Firmware | 3.1.16 |
| Kalkitech | Sync3000 Firmware | 3.2.3 |
| Kalkitech | Sync3000 Firmware | 3.2.6 |
| Kalkitech | Sync3000 Firmware | 3.5.0 |
| Kalkitech | Sync3000 Firmware | 3.6.0 |
| Kalkitech | Sync3000 Firmware | 3.6.1 |
References
- https://www.kalkitech.com/cybersecurity/Vendor Advisory
- https://www.kalkitech.com/cybersecurity/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-11536?
How severe is CVE-2019-11536?
How do I fix CVE-2019-11536?
Are you affected by CVE-2019-11536?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST