Lucene search

[email protected]NVD:CVE-2019-6820

HistoryMay 22, 2019 - 8:29 p.m.

CVE-2019-6820

2019-05-2220:29:02

CWE-306

[email protected]

web.nvd.nist.gov

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2

Affected configurations

Nvd

Node

schneider-electricmodicon_m100_firmware

AND

schneider-electricmodicon_m100Match-

Node

schneider-electricmodicon_m200_firmware

AND

schneider-electricmodicon_m200Match-

Node

schneider-electricmodicon_m221_firmware

AND

schneider-electricmodicon_m221Match-

Node

schneider-electricatv_imc_drive_controller_firmware

AND

schneider-electricatv_imc_drive_controllerMatch-

Node

schneider-electricmodicon_m241_firmware

AND

schneider-electricmodicon_m241Match-

Node

schneider-electricmodicon_m251_firmware

AND

schneider-electricmodicon_m251Match-

Node

schneider-electricmodicon_m258_firmware

AND

schneider-electricmodicon_m258Match-

Node

schneider-electricmodicon_lmc058_firmware

AND

schneider-electricmodicon_lmc058Match-

Node

schneider-electricmodicon_lmc078_firmware

AND

schneider-electricmodicon_lmc078Match-

Node

schneider-electricpacdrive_eco_firmware

AND

schneider-electricpacdrive_ecoMatch-

Node

schneider-electricpacdrive_pro_firmware

AND

schneider-electricpacdrive_proMatch-

Node

schneider-electricpacdrive_pro2_firmware

AND

schneider-electricpacdrive_pro2Match-

VendorProductVersionCPE
schneider-electricmodicon_m100_firmware*cpe:2.3:o:schneider-electric:modicon_m100_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m100-cpe:2.3:h:schneider-electric:modicon_m100:-:*:*:*:*:*:*:*
schneider-electricmodicon_m200_firmware*cpe:2.3:o:schneider-electric:modicon_m200_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m200-cpe:2.3:h:schneider-electric:modicon_m200:-:*:*:*:*:*:*:*
schneider-electricmodicon_m221_firmware*cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m221-cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*
schneider-electricatv_imc_drive_controller_firmware*cpe:2.3:o:schneider-electric:atv_imc_drive_controller_firmware:*:*:*:*:*:*:*:*
schneider-electricatv_imc_drive_controller-cpe:2.3:h:schneider-electric:atv_imc_drive_controller:-:*:*:*:*:*:*:*
schneider-electricmodicon_m241_firmware*cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m241-cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	modicon_m100_firmware	*	cpe:2.3:o:schneider-electric:modicon_m100_firmware::::::::
schneider-electric	modicon_m100	-	cpe:2.3:h:schneider-electric:modicon_m100:-:::::::*
schneider-electric	modicon_m200_firmware	*	cpe:2.3:o:schneider-electric:modicon_m200_firmware::::::::
schneider-electric	modicon_m200	-	cpe:2.3:h:schneider-electric:modicon_m200:-:::::::*
schneider-electric	modicon_m221_firmware	*	cpe:2.3:o:schneider-electric:modicon_m221_firmware::::::::
schneider-electric	modicon_m221	-	cpe:2.3:h:schneider-electric:modicon_m221:-:::::::*
schneider-electric	atv_imc_drive_controller_firmware	*	cpe:2.3:o:schneider-electric:atv_imc_drive_controller_firmware::::::::
schneider-electric	atv_imc_drive_controller	-	cpe:2.3:h:schneider-electric:atv_imc_drive_controller:-:::::::*
schneider-electric	modicon_m241_firmware	*	cpe:2.3:o:schneider-electric:modicon_m241_firmware::::::::
schneider-electric	modicon_m241	-	cpe:2.3:h:schneider-electric:modicon_m241:-:::::::*

Rows per page:

1-10 of 241

References

www.schneider-electric.com/en/download/document/SEVD-2019-134-02/

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

Related for NVD:CVE-2019-6820

cvelist1 cve1 nessus2 prion1