How severe is CVE-2019-10919?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.4 out of 10.

What type of vulnerability is CVE-2019-10919?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2019-10919

CRITICAL Year: 2019

CVSS v3 Score

9.4

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-306

View all →

Vulnerability Description

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVE-2019-17354

CRITICAL

CVSS:9.4(Critical)

wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leve...

CWE-3062019

CVE-2020-10265

CRITICAL

CVSS:9.4(Critical)

Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that a...

CWE-3062020

CVE-2020-25747

CRITICAL

CVSS:9.4(Critical)

The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, t...

CWE-3062020

CVE-2022-26833

CRITICAL

CVSS:9.4(Critical)

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthentica...

CWE-3062022

CVE-2024-10205

CRITICAL

CVSS:9.4(Critical)

Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hita...

CWE-3062024

CVE-2024-9137

HIGH

CVSS:9.4(Critical)

The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to...

CWE-3062024

CVE-2019-10919

Vulnerability Description

Related Vulnerabilities

CVE-2019-17354

CVE-2020-10265

CVE-2020-25747

CVE-2022-26833

CVE-2024-10205

CVE-2024-9137