Fujifilm FCR Carbon X/FCR Capsula X/FCR XC-2 TCP Packet Resource Exhaustion denial of service – Digitalmunition

Exploit/Advisories Cybersecurity study of the dark web exposes vulnerability to machine identities -- ScienceDaily

Published on April 24th, 2019 📆 | 8138 Views ⚑


Fujifilm FCR Carbon X/FCR Capsula X/FCR XC-2 TCP Packet Resource Exhaustion denial of service

CVSS Meta Temp ScoreCurrent Exploit Price (≈)

A vulnerability classified as critical was found in Fujifilm FCR Carbon X, FCR Capsula X and FCR XC-2. This vulnerability affects the functionality of the component TCP Packet Handler. The manipulation with an unknown input leads to a denial of service vulnerability (Resource Exhaustion). The CWE definition for the vulnerability is CWE-400. As an impact it is known to affect availability.

The bug was discovered 01/23/2019. The weakness was disclosed 04/23/2019 by Marc Ruef and Rocco Gagliardi with scip AG as ICSMA-19-113-01 as confirmed ics-cert (Website). The advisory is available at ics-cert.us-cert.gov. The public release has been coordinated in cooperation with the vendor. This vulnerability was named CVE-2019-10948. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details are unknown but a private exploit is available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 04/24/2019). The advisory points out:

The device is susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually rebooted.

A private exploit has been developed by Marc Ruef/Rocco Gagliardi. It is declared as functional. The vulnerability was handled as a non-public zero-day exploit for at least 90 days. During that time the estimated underground price was around $5k-$25k.

It is possible to mitigate the problem by applying the configuration setting . A possible mitigation has been published immediately after the disclosure of the vulnerability. The ics-cert contains the following remark:

Fujifilm has stated the CR-IR 357 system can be configured with what they call Secure Host functionality. This configuration of the software instructs CR-IR 357 to ignore all network traffic other than from the IP address of the Fujifilm image acquisition console. However, this configuration prevents more than one image acquisition console to share the CR-IR 357 Reader Unit. If the user has not implemented Reader Unit sharing, they may contact Fujifilm to request Secure Host functionality be enabled.

The entries 134003 are pretty similar.



VulDB Meta Base Score: 7.5
VulDB Meta Temp Score: 7.0

VulDB Base Score: 7.5
VulDB Temp Score: 7.0
VulDB Vector: ?
VulDB Reliability: ?

Researcher Base Score: 7.5
Researcher Vector: ?


VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Denial of service / Resource Exhaustion (CWE-400)
Local: No
Remote: Yes

Availability: ?
Access: Private
Status: Functional
Author: Marc Ruef/Rocco Gagliardi
Reliability: ?

Price Prediction: ?
Current Price Estimation: ?

Threat Intelligenceinfoedit

Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: Config
Status: ?
Reliability: ?
Reaction Time: ?
0-Day Time: ?
Exposure Time: ?01/23/2019 Vulnerability found
02/08/2019 +16 days Vendor informed
04/23/2019 +74 days Advisory disclosed
04/23/2019 +0 days Countermeasure disclosed
04/24/2019 +1 days VulDB entry created
04/24/2019 +0 days VulDB last updateAdvisory: ICSMA-19-113-01
Researcher: Marc Ruef/Rocco Gagliardi
Organization: scip AG
Status: Confirmed
Coordinated: ?

CVE: CVE-2019-10948 (?)
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: ?

Created: 04/24/2019 01:20 PM
Complete: ?

Use the official API to access entries easily!


Tagged with:

Leave a Reply ✍