Lucene search

SchneiderCVE-2019-6855

HistoryJan 06, 2020 - 11:15 p.m.

CVE-2019-6855

2020-01-0623:15:11

CWE-863

schneider

web.nvd.nist.gov

148

cve-2019-6855

authorization vulnerability

ecostruxure control expert

unity pro

modicon m340

modicon m580

authentication bypass

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

39.5%

JSON

Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.

Affected configurations

Nvd

Node

schneider-electricecostruxure_control_expertRange<14.1

schneider-electricecostruxure_control_expertMatch14.1-

schneider-electricunity_pro

Node

schneider-electricmodicon_m580_bmep584040_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmep584040Match-

Node

schneider-electricmodicon_m580_bmeh584040_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmeh584040Match-

Node

schneider-electricmodicon_m580_bmep586040_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmep586040Match-

Node

schneider-electricmodicon_m580_bmeh586040_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmeh586040Match-

Node

schneider-electricmodicon_m580_bmep581020_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmep581020Match-

Node

schneider-electricmodicon_m580_bmep582020_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmep582020Match-

Node

schneider-electricmodicon_m580_bmep582040_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmep582040Match-

Node

schneider-electricmodicon_m580_bmep583020_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmep583020Match-

Node

schneider-electricmodicon_m580_bmep583040_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmep583040Match-

Node

schneider-electricmodicon_m580_bmep584020_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmep584020Match-

Node

schneider-electricmodicon_m580_bmep585040_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmep585040Match-

Node

schneider-electricmodicon_m580_bmeh582040_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmeh582040Match-

Node

schneider-electricmodicon_m580_bmep584040s_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmep584040sMatch-

Node

schneider-electricmodicon_m580_bmeh584040s_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmeh584040sMatch-

Node

schneider-electricmodicon_m580_bmeh586040s_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmeh586040sMatch-

Node

schneider-electricmodicon_m580_bmep582040s_firmwareRange<3.10

AND

schneider-electricmodicon_m580_bmep582040sMatch-

Node

schneider-electricmodicon_m340_bmxp3420302_firmwareRange<3.20

AND

schneider-electricmodicon_m340_bmxp3420302Match-

Node

schneider-electricmodicon_m340_bmxp342020_firmwareRange<3.20

AND

schneider-electricmodicon_m340_bmxp342020Match-

Node

schneider-electricmodicon_m340_bmxp342000_firmwareRange<3.20

AND

schneider-electricmodicon_m340_bmxp342000Match-

Node

schneider-electricmodicon_m340_bmxp341000_firmwareRange<3.20

AND

schneider-electricmodicon_m340_bmxp341000Match-

Node

schneider-electricmodicon_m340_bmxp3420102_firmwareRange<3.20

AND

schneider-electricmodicon_m340_bmxp3420102Match-

Node

schneider-electricmodicon_m340_bmxp3420302_firmwareRange<3.20

AND

schneider-electricmodicon_m340_bmxp3420302Match-

VendorProductVersionCPE
schneider-electricecostruxure_control_expert*cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*
schneider-electricecostruxure_control_expert14.1cpe:2.3:a:schneider-electric:ecostruxure_control_expert:14.1:-:*:*:*:*:*:*
schneider-electricunity_pro*cpe:2.3:a:schneider-electric:unity_pro:*:*:*:*:*:*:*:*
schneider-electricmodicon_m580_bmep584040_firmware*cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m580_bmep584040-cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*
schneider-electricmodicon_m580_bmeh584040_firmware*cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m580_bmeh584040-cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*
schneider-electricmodicon_m580_bmep586040_firmware*cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m580_bmep586040-cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*
schneider-electricmodicon_m580_bmeh586040_firmware*cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	ecostruxure_control_expert	*	cpe:2.3:a:schneider-electric:ecostruxure_control_expert::::::::
schneider-electric	ecostruxure_control_expert	14.1	cpe:2.3:a:schneider-electric:ecostruxure_control_expert:14.1:-::::::
schneider-electric	unity_pro	*	cpe:2.3:a:schneider-electric:unity_pro::::::::
schneider-electric	modicon_m580_bmep584040_firmware	*	cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware::::::::
schneider-electric	modicon_m580_bmep584040	-	cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:::::::*
schneider-electric	modicon_m580_bmeh584040_firmware	*	cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware::::::::
schneider-electric	modicon_m580_bmeh584040	-	cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:::::::*
schneider-electric	modicon_m580_bmep586040_firmware	*	cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware::::::::
schneider-electric	modicon_m580_bmep586040	-	cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:::::::*
schneider-electric	modicon_m580_bmeh586040_firmware	*	cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware::::::::

Rows per page:

1-10 of 451

CNA Affected

[
  {
    "product": " EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10)"
      }
    ]
  }
]

References

www.se.com/ww/en/download/document/SEVD-2019-344-02/

Social References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

39.5%

JSON

Related for CVE-2019-6855