From 82f7b54efc8a80d80f264961519fa0201f38b771 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 31 Jul 2019 16:00:51 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/7xxx/CVE-2019-7280.json | 7 ++++++- 2019/7xxx/CVE-2019-7666.json | 7 ++++++- 2019/7xxx/CVE-2019-7672.json | 7 ++++++- 2019/9xxx/CVE-2019-9189.json | 7 ++++++- 4 files changed, 24 insertions(+), 4 deletions(-) diff --git a/2019/7xxx/CVE-2019-7280.json b/2019/7xxx/CVE-2019-7280.json index ba9005b9589..990d475d794 100644 --- a/2019/7xxx/CVE-2019-7280.json +++ b/2019/7xxx/CVE-2019-7280.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Prima Systems FlexAir devices have an Insufficient Session-ID Length." + "value": "Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication." } ] }, @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.applied-risk.com/resources/ar-2019-007", "url": "https://www.applied-risk.com/resources/ar-2019-007" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02" } ] } diff --git a/2019/7xxx/CVE-2019-7666.json b/2019/7xxx/CVE-2019-7666.json index 85430433033..809cb3c35e8 100644 --- a/2019/7xxx/CVE-2019-7666.json +++ b/2019/7xxx/CVE-2019-7666.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Prima Systems FlexAir devices allow authentication with MD5 hashes directly." + "value": "Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password." } ] }, @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.applied-risk.com/resources/ar-2019-007", "url": "https://www.applied-risk.com/resources/ar-2019-007" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02" } ] } diff --git a/2019/7xxx/CVE-2019-7672.json b/2019/7xxx/CVE-2019-7672.json index df1805e0753..1d929d9ab18 100644 --- a/2019/7xxx/CVE-2019-7672.json +++ b/2019/7xxx/CVE-2019-7672.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Prima Systems FlexAir devices have Hard-coded Credentials." + "value": "Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges." } ] }, @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://applied-risk.com/resources/ar-2019-007", "url": "https://applied-risk.com/resources/ar-2019-007" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02" } ] } diff --git a/2019/9xxx/CVE-2019-9189.json b/2019/9xxx/CVE-2019-9189.json index cee33be5311..0ebcf7f08d9 100644 --- a/2019/9xxx/CVE-2019-9189.json +++ b/2019/9xxx/CVE-2019-9189.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "On Prima Systems FlexAir devices through 2.4.9api3, an authenticated user can upload Python (.py) scripts and execute arbitrary code with root privileges." + "value": "Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access." } ] }, @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://applied-risk.com/resources/ar-2019-007", "url": "https://applied-risk.com/resources/ar-2019-007" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02" } ] }