CVE-2019-6855

Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:ecostruxure_control_expert:14.1:-:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:unity_pro:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:47

Type Values Removed Values Added
References () https://www.se.com/ww/en/download/document/SEVD-2019-344-02/ - Vendor Advisory () https://www.se.com/ww/en/download/document/SEVD-2019-344-02/ - Vendor Advisory

Information

Published : 2020-01-06 23:15

Updated : 2024-11-21 04:47


NVD link : CVE-2019-6855

Mitre link : CVE-2019-6855

CVE.ORG link : CVE-2019-6855


JSON object : View

Products Affected

schneider-electric

  • modicon_m580_bmep584040s
  • modicon_m580_bmep583020
  • modicon_m580_bmeh582040_firmware
  • modicon_m580_bmep583020_firmware
  • modicon_m580_bmeh584040
  • modicon_m340_bmxp3420102
  • modicon_m580_bmeh586040s_firmware
  • modicon_m580_bmep583040
  • modicon_m580_bmep586040
  • modicon_m580_bmep584020
  • modicon_m580_bmep582040s
  • ecostruxure_control_expert
  • modicon_m580_bmep581020_firmware
  • modicon_m340_bmxp3420302_firmware
  • modicon_m340_bmxp341000
  • modicon_m580_bmep584040_firmware
  • modicon_m580_bmep582020
  • modicon_m580_bmep582040s_firmware
  • modicon_m340_bmxp3420102_firmware
  • modicon_m340_bmxp341000_firmware
  • modicon_m580_bmep584040
  • modicon_m580_bmeh584040_firmware
  • modicon_m580_bmeh582040
  • modicon_m580_bmeh586040_firmware
  • modicon_m580_bmeh586040s
  • modicon_m580_bmep584040s_firmware
  • modicon_m580_bmeh584040s_firmware
  • modicon_m340_bmxp342000_firmware
  • unity_pro
  • modicon_m580_bmep585040
  • modicon_m580_bmep585040_firmware
  • modicon_m580_bmep583040_firmware
  • modicon_m340_bmxp342000
  • modicon_m580_bmep586040_firmware
  • modicon_m340_bmxp3420302
  • modicon_m580_bmeh586040
  • modicon_m580_bmep582040_firmware
  • modicon_m580_bmep581020
  • modicon_m580_bmep582020_firmware
  • modicon_m340_bmxp342020_firmware
  • modicon_m580_bmep584020_firmware
  • modicon_m340_bmxp342020
  • modicon_m580_bmeh584040s
  • modicon_m580_bmep582040
CWE
CWE-863

Incorrect Authorization