Code Execution Vulnerability in PSI GridConnect Telecontrol Gateway and Smart Telecontrol Unit
CVE-2019-6528

8.8 HIGH

What is CVE-2019-6528?

A vulnerability exists in the web application interface of the PSI GridConnect Telecontrol Gateway and Smart Telecontrol Unit products that allows an attacker to inject active content through improperly sanitized user input. This can lead to arbitrary code execution, posing a significant security risk for affected systems. Users are advised to review and apply security patches to protect against potential exploitation.

Affected Version(s)

PSI GridConnect GmbH (formerly known as PSI Nentec GmbH) Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy:

  • Telecontrol Gateway 3G: Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior
  • Telecontrol Gateway XS-MU: Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior
  • Telecontrol Gateway VM: Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior
  • Smart Telecontrol Unit TCG: Versions 5.0.27, 5.1.19, 6.0.16 and prior
  • IEC104 Security Proxy: Version 2.2.10 and prior

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
