Vulnerability Description
In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bd | Pyxis Enterprise Server | >= 4.4, <= 4.12 |
| Bd | Pyxis Es | >= 1.3.4, <= 1.6.1 |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsma-19-248-01MitigationThird Party AdvisoryUS Government Resource
- https://www.us-cert.gov/ics/advisories/icsma-19-248-01MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-13517?
CVE-2019-13517 is a vulnerability with a CVSS score of 8.8 (HIGH). In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not res...
How severe is CVE-2019-13517?
CVE-2019-13517 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13517?
Check the references section above for vendor advisories and patch information. Affected products include: Bd Pyxis Enterprise Server, Bd Pyxis Es.