CVE-2019-6820

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2

CVSS v3 8.2 HIGH
CVSS v2.0 6.4 MEDIUM

8.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-02/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:atv_imc_drive_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:atv_imc_drive_controller:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m251:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m258_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m258:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_lmc058_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_lmc058:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_lmc078_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_lmc078:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:schneider-electric:pacdrive_eco_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:pacdrive_eco:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:schneider-electric:pacdrive_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:pacdrive_pro:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:schneider-electric:pacdrive_pro2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:pacdrive_pro2:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-05-22 20:29

Updated : 2024-02-28 17:08

NVD link : CVE-2019-6820

Mitre link : CVE-2019-6820

CVE.ORG link : CVE-2019-6820

JSON object : View

Products Affected

schneider-electric

modicon_lmc078
modicon_m258
modicon_m200_firmware
modicon_m251_firmware
modicon_m100
modicon_lmc058
modicon_m241
modicon_lmc078_firmware
modicon_m221
atv_imc_drive_controller_firmware
pacdrive_eco_firmware
pacdrive_pro_firmware
pacdrive_eco
pacdrive_pro
atv_imc_drive_controller
pacdrive_pro2
modicon_m241_firmware
modicon_m221_firmware
modicon_m258_firmware
modicon_lmc058_firmware
modicon_m200
modicon_m251
pacdrive_pro2_firmware
modicon_m100_firmware

CWE

CWE-306

Missing Authentication for Critical Function

8.2 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-6820

8.2^/10

6.4^/10

Attach tags to `CVE-2019-6820`