How severe is CVE-2019-10939?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2019-10939?

This is classified as CWE-489, which is a common weakness in software security.

CVE-2019-10939 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available, the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.

Related Vulnerabilities

CVE-2023-0954

CRITICAL

CVSS:9.8(Critical)

A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack.

CWE-4892023

CVE-2023-22357

CRITICAL

CVSS:9.8(Critical)

Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacke...

CWE-4892023

CVE-2023-32645

CRITICAL

CVSS:9.8(Critical)

A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker...

CWE-4892023

CVE-2023-34346

CRITICAL

CVSS:9.8(Critical)

A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker ...

CWE-4892023

CVE-2023-4804

CRITICAL

CVSS:9.8(Critical)

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.

CWE-4892023

CVE-2024-21785

CRITICAL

CVSS:9.8(Critical)

A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorize...

CWE-4892024