CVE-2019-6517 - OpenCVE

BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Bd	Facslyric Ivd Facslyric

Configuration 1 [-]

OR	cpe:2.3:o:bd:facslyric:-:::::::*
	cpe:2.3:o:bd:facslyric_ivd:-:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/106766	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-02	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2019-01-29T00:00:00

Updated: 2019-02-07T10:57:02

Reserved: 2019-01-22T00:00:00

Link: CVE-2019-6517

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-02-06T21:29:00.813

Modified: 2020-10-19T17:48:39.557

Link: CVE-2019-6517

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "BD FACSLyric", "vendor": "ICS-CERT", "versions": [{"status": "affected", "version": "BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release."}]}], "datePublic": "2019-01-29T00:00:00", "descriptions": [{"lang": "en", "value": "BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "IMPROPER ACCESS CONTROL CWE-284", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-02-07T10:57:02", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "106766", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106766"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2019-01-29T00:00:00", "ID": "CVE-2019-6517", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BD FACSLyric", "version": {"version_data": [{"version_value": "BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release."}]}}]}, "vendor_name": "ICS-CERT"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "IMPROPER ACCESS CONTROL CWE-284"}]}]}, "references": {"reference_data": [{"name": "106766", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106766"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-02"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-6517", "datePublished": "2019-01-29T00:00:00", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2019-02-07T10:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bd:facslyric:-:*:*:*:*:*:*:*", "matchCriteriaId": "850536B6-A7B2-4AAD-B4C1-1CBAC80B2E97", "vulnerable": true}, {"criteria": "cpe:2.3:o:bd:facslyric_ivd:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AC873A3-9B20-4AEB-B264-6D4CCAA959E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions."}, {"lang": "es", "value": "BD FACSLyric Research Use Only, para el sistema operativo Windows 10 Professional Operating System, en las distribuciones de EEUU y Malasia entre noviembre de 2017 y noviembre de 2018; y BD FACSLyric IVD, para el sistema operativo Windows 10 Professional Operating System, en las distribuciones de EEUU, no aplican correctamente el control de acceso de usuarios a las cuentas privilegiadas, lo que podr\u00eda permitir el acceso no autorizado a las funciones de nivel administrativo."}], "id": "CVE-2019-6517", "lastModified": "2020-10-19T17:48:39.557", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-06T21:29:00.813", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106766"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}