← back
CVE-2019-9189

CVE-2019-9189

28Vexday Risk Score

No sign of exploitation. It has a public proof of concept.

ssvc Attendepss 12%
from disclosure to weapon160 days
Published on NVDJun 5
1st PoC+160d
exploitation probability
12%top 4% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.