CVE-2019-19106 CRITICAL

CVE-2019-19106: ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Access Control issues

Vendor Abb

Product TG/S 3.2 Telephone Gateway

Weakness CWE-264

Published April 22, 2020

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings.

Key dates

02Disclosure timeline

April 22, 2020 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-19106 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/264.html

Related vulnerabilities

Identifiers

CVE CVE-2019-19106

CWE CWE-264

CVSS 9.1 / CRITICAL

Affected versions

Vendor Abb

Product TG/S 3.2 Telephone Gateway

Affected 2CDG 110 135 R0011

Vendor Busch-Jaeger

Product 6186/11 Telefon-Gateway

Affected 2CKA006136A0187

CVE-2019-19106: ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Access Control issues

01Description

02Disclosure timeline

03References

04Related CVE