CVE-2019-6820

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 22-05-2019 10:29

Last modified: - 03-02-2022 03:29

Total changes: - 7

Description

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

Low

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

8.2

Base score

3.9

4.2

Exploitability score

Impact score

Verification logic

AND

vendor=schneider-electric AND product=modicon_m100_firmware

vendor=schneider-electric AND product=modicon_m100 AND version=-

AND

vendor=schneider-electric AND product=modicon_m200_firmware

vendor=schneider-electric AND product=modicon_m200 AND version=-

AND

vendor=schneider-electric AND product=modicon_m221_firmware

vendor=schneider-electric AND product=modicon_m221 AND version=-

AND

vendor=schneider-electric AND product=atv_imc_drive_controller_firmware

vendor=schneider-electric AND product=atv_imc_drive_controller AND version=-

AND

vendor=schneider-electric AND product=modicon_m241_firmware

vendor=schneider-electric AND product=modicon_m241 AND version=-

AND

vendor=schneider-electric AND product=modicon_m251_firmware

vendor=schneider-electric AND product=modicon_m251 AND version=-

AND

vendor=schneider-electric AND product=modicon_m258_firmware

vendor=schneider-electric AND product=modicon_m258 AND version=-

AND

vendor=schneider-electric AND product=modicon_lmc058_firmware

vendor=schneider-electric AND product=modicon_lmc058 AND version=-

AND

vendor=schneider-electric AND product=modicon_lmc078_firmware

vendor=schneider-electric AND product=modicon_lmc078 AND version=-

AND

vendor=schneider-electric AND product=pacdrive_eco_firmware

vendor=schneider-electric AND product=pacdrive_eco AND version=-

AND

vendor=schneider-electric AND product=pacdrive_pro_firmware

vendor=schneider-electric AND product=pacdrive_pro AND version=-

AND

vendor=schneider-electric AND product=pacdrive_pro2_firmware

vendor=schneider-electric AND product=pacdrive_pro2 AND version=-

Reference

https://www.schneider-electric.com/en/download/document/SEVD-2019-134-02/

Keywords

CVE-2019-6820

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2019-6820

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures