ICSA-19-211-02 · Published 2019-07-30 · View on CISA ICS-CERT ↗

Prima Systems FlexAir

CVSS 10.0 CRITICAL

Risk Summary

Exploitation of these vulnerabilities may allow an attacker to execute commands directly on the operating system, upload malicious files, perform actions with administrative privileges, execute arbitrary code in a user 's browser, discover login credentials, bypass normal authentication, and have full system access.

CVEs (9)

CVE-2019-7670 CVE-2019-7669 CVE-2019-7281 CVE-2019-7280 CVE-2019-7671 CVE-2019-7667 CVE-2019-7666 CVE-2019-7672 CVE-2019-9189

Remediations

Prima Systems has released Version 2.5.12 to fix these issues.
To update to the latest firmware, each user should select the “Check for Upgrade” option in the “Centrals” menu in the GUI. The user's controller will connect to the Prima Systems server and update to the latest version.

Affected Vendors

Prima Systems

Affected Products (1)

Prima Systems · Prima FlexAir <= 2.3.38

Affected Sectors

Commercial Facilities, Government Facilities, Healthcare and Public Health, Information Technology, Transportation Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more