High severity8.8NVD Advisory· Published Jun 5, 2019· Updated Jun 17, 2026
CVE-2019-9189
CVE-2019-9189
Description
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Prima Systems/FlexAirdescription
- Range: <=2.4.9api3
Patches
Vulnerability mechanics
References
5- applied-risk.com/index.php/download_file/view/199/165nvdThird Party Advisory
- applied-risk.com/labs/advisoriesnvdThird Party Advisory
- applied-risk.com/resources/ar-2019-007nvdThird Party Advisory
- packetstormsecurity.com/files/155273/Prima-Access-Control-2.3.35-Script-Upload-Remote-Code-Execution.htmlnvd
- www.us-cert.gov/ics/advisories/icsa-19-211-02nvd
News mentions
0No linked articles in our index yet.