Vulnerability Description
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bender | Com465Ip Firmware | < 4.2.0 |
| Bender | Com465Ip | - |
| Bender | Com465Dp Firmware | < 4.2.0 |
| Bender | Com465Dp | - |
| Bender | Com465Id Firmware | < 4.2.0 |
| Bender | Com465Id | - |
| Bender | Cp700 Firmware | < 4.2.0 |
| Bender | Cp700 | - |
| Bender | Cp907 Firmware | < 4.2.0 |
| Bender | Cp907 | - |
| Bender | Cp915 Firmware | < 4.2.0 |
| Bender | Cp915 | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en-us/advisories/vde-2020-043Third Party Advisory
- https://cert.vde.com/en-us/advisories/vde-2020-043Third Party Advisory
FAQ
What is CVE-2019-19885?
CVE-2019-19885 is a vulnerability with a CVSS score of 9.1 (CRITICAL). In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorizatio...
How severe is CVE-2019-19885?
CVE-2019-19885 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-19885?
Check the references section above for vendor advisories and patch information. Affected products include: Bender Com465Ip Firmware, Bender Com465Ip, Bender Com465Dp Firmware, Bender Com465Dp, Bender Com465Id Firmware.