CVE-2019-7672

moderate-risk
Published 2019-06-05

Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges.

Do I need to act?

~
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Primasystems

References (8)

Broken Link https://applied-risk.com/index.php/download_file/view/199/165
Third Party Advisory https://applied-risk.com/labs/advisories
Exploit https://applied-risk.com/resources/ar-2019-007
Third Party Advisory https://www.us-cert.gov/ics/advisories/icsa-19-211-02
Broken Link https://applied-risk.com/index.php/download_file/view/199/165
Third Party Advisory https://applied-risk.com/labs/advisories
Exploit https://applied-risk.com/resources/ar-2019-007
Third Party Advisory https://www.us-cert.gov/ics/advisories/icsa-19-211-02
38
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 3/34 · Minimal
Exposure 5/34 · Minimal