Vulnerability Details : CVE-2019-7276
Public exploit exists!
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
Products affected by CVE-2019-7276
- cpe:2.3:a:optergy:enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:optergy:proton:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-7276
89.60%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2019-7276
-
Optergy Proton and Enterprise BMS Command Injection using a backdoor
Disclosure Date: 2019-11-05First seen: 2023-09-11exploit/linux/http/optergy_bms_backdoor_rce_cve_2019_7276This module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System (BMS) applications. Versions `2.0.3a` and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdo
CVSS scores for CVE-2019-7276
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2019-7276
-
http://packetstormsecurity.com/files/171564/Optergy-Proton-And-Enterprise-BMS-2.0.3a-Command-Injection.html
Optergy Proton And Enterprise BMS 2.0.3a Command Injection ≈ Packet Storm
-
https://www.applied-risk.com/resources/ar-2019-008
Optergy Proton / Enterprise Multiple Vulnerabilities Optergy Proton / Enterprise Multiple Vulnerabilities - Applied RiskThird Party Advisory
-
http://www.securityfocus.com/bid/108686
Optergy Proton Enterprise Building Management System Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
https://applied-risk.com/labs/advisories
Resources - Applied RiskThird Party Advisory
Jump to