CVE-2019-6833

A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://security.cse.iitk.ac.in/responsible-disclosure
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01	Vendor Advisory
https://security.cse.iitk.ac.in/responsible-disclosure
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:hmigto_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:hmigto1300:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto1310:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto2300:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto2310:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto2315:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto3510:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto4310:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto5310:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto5315:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto6310:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto6315:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:hmisto_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:hmisto501:-:::::::*
	cpe:2.3:h:schneider-electric:hmisto511:-:::::::*
	cpe:2.3:h:schneider-electric:hmisto512:-:::::::*
	cpe:2.3:h:schneider-electric:hmisto531:-:::::::*
	cpe:2.3:h:schneider-electric:hmisto532:-:::::::*
	cpe:2.3:h:schneider-electric:hmisto705:-:::::::*
	cpe:2.3:h:schneider-electric:hmisto715:-:::::::*
	cpe:2.3:h:schneider-electric:hmisto735:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:xbtgh_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:xbtgh2460:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:h:schneider-electric:hmigtu_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:hmig2u:-:::::::*
	cpe:2.3:h:schneider-electric:hmig3u:-:::::::*
	cpe:2.3:h:schneider-electric:hmig3ufc:-:::::::*
	cpe:2.3:h:schneider-electric:hmig5u:-:::::::*
	cpe:2.3:h:schneider-electric:hmig5u2:-:::::::*
	cpe:2.3:h:schneider-electric:hmig5ufc:-:::::::*
	cpe:2.3:h:schneider-electric:hmig5ul8a:-:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:hmiscu_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:hmiscu6a5:-:::::::*
	cpe:2.3:h:schneider-electric:hmiscu6b5:-:::::::*
	cpe:2.3:h:schneider-electric:hmiscu8a5:-:::::::*
	cpe:2.3:h:schneider-electric:hmiscu8b5:-:::::::*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:hmistu_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:hmistu655:-:::::::*
	cpe:2.3:h:schneider-electric:hmistu655w:-:::::::*
	cpe:2.3:h:schneider-electric:hmistu855:-:::::::*
	cpe:2.3:h:schneider-electric:hmistu855w:-:::::::*

Configuration 7 (hide)

AND

cpe:2.3:o:schneider-electric:xbtgt_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:xbtgt2430:-:::::::*
	cpe:2.3:h:schneider-electric:xbtgt2930:-:::::::*

Configuration 8 (hide)

AND

cpe:2.3:o:schneider-electric:hmigxo_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:hmigxo:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:schneider-electric:hmigxu_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:hmigxu35:-:::::::*
	cpe:2.3:h:schneider-electric:hmigxu55:-:::::::*

History

21 Nov 2024, 04:47

Type	Values Removed	Values Added
References	~~() https://security.cse.iitk.ac.in/responsible-disclosure -~~	() https://security.cse.iitk.ac.in/responsible-disclosure -
References	~~() https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01 - Vendor Advisory~~	() https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01 - Vendor Advisory

Information

Published : 2019-09-17 20:15

Updated : 2024-11-21 04:47

NVD link : CVE-2019-6833

Mitre link : CVE-2019-6833

CVE.ORG link : CVE-2019-6833

JSON object : View

Products Affected

schneider-electric

hmisto_firmware
hmigto2300
xbtgt_firmware
hmig2u
hmiscu8b5
hmisto532
hmig5ufc
hmigto5315
hmigto3510
hmigto5310
hmigto2315
hmistu855w
hmisto531
hmisto501
hmigto1310
hmig3ufc
hmiscu8a5
hmigxu_firmware
hmistu655
hmiscu6b5
hmiscu6a5
hmistu655w
hmig5ul8a
hmigxu55
hmisto715
hmigto1300
hmigto2310
xbtgt2930
hmisto512
hmigxu35
hmigtu_firmware
hmig5u2
hmiscu_firmware
hmistu855
xbtgh_firmware
hmigto6315
hmigto4310
hmisto735
hmigxo
xbtgh2460
hmig3u
hmistu_firmware
hmigto6310
hmig5u
hmigto_firmware
hmigxo_firmware
xbtgt2430
hmisto705
hmisto511

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-6833

6.5^/10

4.3^/10

Attach tags to `CVE-2019-6833`