Improper Input Validation in Cscape by Cscape Technologies
CVE-2019-6555

7.8HIGH

Key Information:

Vendor: Ics-cert
Status: Cscape
Vendor: CVE Published:; 19 February 2019

What is CVE-2019-6555?

An improper input validation vulnerability exists in Cscape products including version 9.80 SP4 and earlier. This flaw can be exploited by attackers through specially crafted POC files, potentially allowing them to read sensitive information and execute arbitrary code remotely. Organizations using affected versions of Cscape should promptly assess their security posture and implement mitigations to protect against possible exploitation.

Affected Version(s)

Cscape 9.80 SP4 and prior.

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-050-03

x_refsource_MISC

http://www.securityfocus.com/bid/107087

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2019
Vulnerability Reserved
Jan 22, 2019

CVE-2019-6555 Data

JSON

Ics-cert

What is CVE-2019-6555?

Affected Version(s)

References

CVSS V3.1

Timeline