Versio.io

CVE-2019-6855

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 07-01-2020 12:15
Last modified: - 31-01-2022 08:33
Total changes: - 6

Description

Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Low
Attack complexity
Network
Attack vector
Low
Availability
Low
Confidentiality
Low
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
7.3
Base score
3.9
3.4
Exploitability score
Impact score
 

Verification logic

OR
OR
vendor=schneider-electric AND product=unity_pro
vendor=schneider-electric AND product=ecostruxure_control_expert AND versionEndExcluding=14.1
vendor=schneider-electric AND product=ecostruxure_control_expert AND version=14.1 AND update=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmep584040_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmep584040 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmeh584040_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmeh584040 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmep586040_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmep586040 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmeh586040_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmeh586040 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmep581020_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmep581020 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmep582020_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmep582020 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmep582040_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmep582040 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmep583020_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmep583020 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmep583040_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmep583040 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmep584020_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmep584020 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmep585040_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmep585040 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmeh582040_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmeh582040 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmep584040s_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmep584040s AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmeh584040s_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmeh584040s AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmeh586040s_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmeh586040s AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m580_bmep582040s_firmware AND versionEndExcluding=3.10
OR
vendor=schneider-electric AND product=modicon_m580_bmep582040s AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m340_bmxp3420302_firmware AND versionEndExcluding=3.20
OR
vendor=schneider-electric AND product=modicon_m340_bmxp3420302 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m340_bmxp342020_firmware AND versionEndExcluding=3.20
OR
vendor=schneider-electric AND product=modicon_m340_bmxp342020 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m340_bmxp342000_firmware AND versionEndExcluding=3.20
OR
vendor=schneider-electric AND product=modicon_m340_bmxp342000 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m340_bmxp341000_firmware AND versionEndExcluding=3.20
OR
vendor=schneider-electric AND product=modicon_m340_bmxp341000 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m340_bmxp3420102_firmware AND versionEndExcluding=3.20
OR
vendor=schneider-electric AND product=modicon_m340_bmxp3420102 AND version=-
AND
OR
vendor=schneider-electric AND product=modicon_m340_bmxp3420302_firmware AND versionEndExcluding=3.20
OR
vendor=schneider-electric AND product=modicon_m340_bmxp3420302 AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2019-6855

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.