PatchSiren cyber security CVE debrief
CVE-2019-9923 Rockwell Automation CVE debrief
A NULL pointer dereference vulnerability exists in GNU Tar versions before 1.32, specifically in the pax_decode_header function within sparse.c. This vulnerability is present in Rockwell Automation DataMosaix Private Cloud versions 7.07 and earlier. The flaw occurs when parsing archives containing malformed extended headers, which can trigger a denial-of-service condition requiring a software restart to recover. The vulnerability carries a HIGH severity CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating network-based exploitation without authentication requirements, with availability impact as the primary concern. Rockwell Automation has addressed this issue in version 7.09.
- Vendor: Rockwell Automation
- Product: DataMosaix Private Cloud
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-10-10
- Original CVE updated: 2024-10-10
- Advisory published: 2024-10-10
- Advisory updated: 2024-10-10
Who should care
Organizations operating Rockwell Automation DataMosaix Private Cloud versions 7.07 or earlier, particularly in industrial control system (ICS) and operational technology (OT) environments where availability is critical. System administrators, OT security engineers, and asset owners responsible for maintaining continuous operations of DataMosaix Private Cloud deployments should prioritize remediation.
Technical summary
The vulnerability exists in the pax_decode_header function in sparse.c within GNU Tar versions prior to 1.32. When DataMosaix Private Cloud processes archives with malformed extended headers, a NULL pointer dereference occurs, resulting in denial of service. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H indicates the vulnerability is exploitable over the network without authentication, with low attack complexity and high availability impact. No confidentiality or integrity impacts are associated with this vulnerability.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Rockwell Automation DataMosaix Private Cloud to version 7.09 or later to address the underlying GNU Tar vulnerability
- Implement network segmentation to limit exposure of DataMosaix Private Cloud systems to untrusted networks
- Apply the principle of least privilege to access to archive processing functions
- Monitor for unexpected service restarts or crashes in DataMosaix Private Cloud that may indicate exploitation attempts
- Review and implement CISA ICS recommended practices for industrial control system security
- Validate integrity of archive files before processing within DataMosaix Private Cloud environments
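One way to act on the last two recommendations, as an added example that is not part of the advisory and not code from Rockwell Automation or GNU Tar: a Python pre-check that walks a tar archive's 512-byte headers and rejects structurally malformed pax extended-header records (the POSIX "<len> <key>=<value>\n" grammar) before the archive is handed to tar. The sample archive is constructed inline; the check catches structural defects in the record framing and makes no claim to recognise every input that reaches the GNU Tar bug.

```python
import io, tarfile

def parse_pax_records(data: bytes) -> dict:
    """Parse pax extended-header records; raise ValueError on the first structural defect."""
    records, pos = {}, 0
    while pos < len(data):
        space = data.find(b" ", pos)
        if space < 0:
            raise ValueError("length field not terminated by a space")
        try:
            length = int(data[pos:space])
        except ValueError:
            raise ValueError("non-numeric length field") from None
        end = pos + length
        # the length must cover the whole record, including its trailing newline
        if length <= 0 or end > len(data) or data[end - 1:end] != b"\n":
            raise ValueError("length field inconsistent with record data")
        key, sep, value = data[space + 1:end - 1].partition(b"=")
        if not sep or not key:
            raise ValueError("record is not of the form key=value")
        records[key.decode("utf-8")] = value.decode("utf-8")
        pos = end
    return records

def validate_tar_pax_headers(blob: bytes) -> list:
    """Check every pax extended header (typeflag 'x' or 'g') in a tar archive; return defects found."""
    defects, off = [], 0
    while off + 512 <= len(blob):
        hdr = blob[off:off + 512]
        if hdr == b"\0" * 512:
            break  # end-of-archive marker
        try:
            size = int(hdr[124:136].split(b"\0")[0].strip() or b"0", 8)  # octal size field
        except ValueError:
            defects.append(f"offset {off}: unparsable size field")
            break
        if hdr[156:157] in (b"x", b"g"):
            try:
                parse_pax_records(blob[off + 512:off + 512 + size])
            except ValueError as exc:
                defects.append(f"offset {off}: malformed pax header: {exc}")
        off += 512 + ((size + 511) // 512) * 512  # entry data is padded to 512-byte blocks
    return defects

def build_sample(corrupt: bool = False) -> bytes:
    """Constructed sample: a pax archive whose 120-char name forces a 'path' record; corrupt=True drops its '='."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tf:
        tf.addfile(tarfile.TarInfo("x" * 120))
    blob = buf.getvalue()
    return blob.replace(b" path=", b" path ", 1) if corrupt else blob
```

A non-empty defect list is a reason to quarantine the archive and log the event, which also gives the restart-monitoring recommendation above a concrete signal to correlate against.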
Evidence notes
CISA published advisory ICSA-24-284-16 on 2024-10-10 identifying this vulnerability in Rockwell Automation DataMosaix Private Cloud. The advisory confirms affected versions are 7.07 and earlier, with remediation available in version 7.09. The underlying vulnerability stems from GNU Tar before version 1.32.
Official resources
- CVE-2019-9923 CVE record (CVE.org)
- CVE-2019-9923 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-10-10