CVE-2019-6527
CRITICALPR100088 Modbus Gateway Firmware < r02 - Unauthenticated Admin Password Change
Title source: llmDescription
PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted.
References (1)
Core 1
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05
Scores
CVSS v3
9.8
EPSS
0.0121
EPSS Percentile
64.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
kunbus/pr100088_modbus_gateway_firmware
< r02
Published
Feb 12, 2019
Tracked Since
Feb 18, 2026