Lucene search

SchneiderCVE-2019-6820

HistoryMay 22, 2019 - 8:29 p.m.

CVE-2019-6820

2019-05-2220:29:02

CWE-306

schneider

web.nvd.nist.gov

cve-2019-6820

modicon

m100

m200

m221

atv imc

m241

m251

m258

lmc058

lmc078

pacdrive eco

pacdrive pro

pacdrive pro2

nvd

vulnerability

security

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2

Affected configurations

Nvd

Node

schneider-electricmodicon_m100_firmware

AND

schneider-electricmodicon_m100Match-

Node

schneider-electricmodicon_m200_firmware

AND

schneider-electricmodicon_m200Match-

Node

schneider-electricmodicon_m221_firmware

AND

schneider-electricmodicon_m221Match-

Node

schneider-electricatv_imc_drive_controller_firmware

AND

schneider-electricatv_imc_drive_controllerMatch-

Node

schneider-electricmodicon_m241_firmware

AND

schneider-electricmodicon_m241Match-

Node

schneider-electricmodicon_m251_firmware

AND

schneider-electricmodicon_m251Match-

Node

schneider-electricmodicon_m258_firmware

AND

schneider-electricmodicon_m258Match-

Node

schneider-electricmodicon_lmc058_firmware

AND

schneider-electricmodicon_lmc058Match-

Node

schneider-electricmodicon_lmc078_firmware

AND

schneider-electricmodicon_lmc078Match-

Node

schneider-electricpacdrive_eco_firmware

AND

schneider-electricpacdrive_ecoMatch-

Node

schneider-electricpacdrive_pro_firmware

AND

schneider-electricpacdrive_proMatch-

Node

schneider-electricpacdrive_pro2_firmware

AND

schneider-electricpacdrive_pro2Match-

VendorProductVersionCPE
schneider-electricmodicon_m100_firmware*cpe:2.3:o:schneider-electric:modicon_m100_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m100-cpe:2.3:h:schneider-electric:modicon_m100:-:*:*:*:*:*:*:*
schneider-electricmodicon_m200_firmware*cpe:2.3:o:schneider-electric:modicon_m200_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m200-cpe:2.3:h:schneider-electric:modicon_m200:-:*:*:*:*:*:*:*
schneider-electricmodicon_m221_firmware*cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m221-cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*
schneider-electricatv_imc_drive_controller_firmware*cpe:2.3:o:schneider-electric:atv_imc_drive_controller_firmware:*:*:*:*:*:*:*:*
schneider-electricatv_imc_drive_controller-cpe:2.3:h:schneider-electric:atv_imc_drive_controller:-:*:*:*:*:*:*:*
schneider-electricmodicon_m241_firmware*cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m241-cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	modicon_m100_firmware	*	cpe:2.3:o:schneider-electric:modicon_m100_firmware::::::::
schneider-electric	modicon_m100	-	cpe:2.3:h:schneider-electric:modicon_m100:-:::::::*
schneider-electric	modicon_m200_firmware	*	cpe:2.3:o:schneider-electric:modicon_m200_firmware::::::::
schneider-electric	modicon_m200	-	cpe:2.3:h:schneider-electric:modicon_m200:-:::::::*
schneider-electric	modicon_m221_firmware	*	cpe:2.3:o:schneider-electric:modicon_m221_firmware::::::::
schneider-electric	modicon_m221	-	cpe:2.3:h:schneider-electric:modicon_m221:-:::::::*
schneider-electric	atv_imc_drive_controller_firmware	*	cpe:2.3:o:schneider-electric:atv_imc_drive_controller_firmware::::::::
schneider-electric	atv_imc_drive_controller	-	cpe:2.3:h:schneider-electric:atv_imc_drive_controller:-:::::::*
schneider-electric	modicon_m241_firmware	*	cpe:2.3:o:schneider-electric:modicon_m241_firmware::::::::
schneider-electric	modicon_m241	-	cpe:2.3:h:schneider-electric:modicon_m241:-:::::::*

Rows per page:

1-10 of 241

CNA Affected

[
  {
    "product": "Modicon and PacDrive Controller, All versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Modicon and PacDrive Controller, All versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2"
      }
    ]
  }
]

References

www.schneider-electric.com/en/download/document/SEVD-2019-134-02/

Social References

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

Related for CVE-2019-6820