cvelistv5 - CVE-2019-6853

CVE-2019-6853 (GCVE-0-2019-6853)

Vulnerability from cvelistv5

Published

2019-11-20 22:01

Modified

2024-08-04 20:31

Severity ?

CWE

CWE-79 - Failure to Preserve Web Page Structure

Summary

References

URL

	Vendor	Product	Version
	Schneider Electric	Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702	Version: Andover Continuum models 9680 Version: 5740 and 5720 Version: bCX4040 Version: bCX9640 Version: 9900 Version: 9940 Version: 9924 and 9702

CERTFR-2019-AVI-562

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Schneider Electric	N/A	les contrôleurs Modicon, voir le site du constructeur pour les modèles vulnérables ainsi que les mesures de contournement (cf. section Documentation)
	Schneider Electric	N/A	Andover Continuum modèles 9680, 5740 et 5720, bCX4040, bCX9640, 9900, 9940, 9924 et 9702

References

Title

Publication Time

gsd-2019-6853

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-6853

Aliases

CVE-2019-6853

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6853",
    "description": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.",
    "id": "GSD-2019-6853"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6853"
      ],
      "details": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.",
      "id": "GSD-2019-6853",
      "modified": "2023-12-13T01:23:49.504215Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2019-6853",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Andover Continuum models 9680"
                        },
                        {
                          "version_value": "5740 and 5720"
                        },
                        {
                          "version_value": "bCX4040"
                        },
                        {
                          "version_value": "bCX9640"
                        },
                        {
                          "version_value": "9900"
                        },
                        {
                          "version_value": "9940"
                        },
                        {
                          "version_value": "9924 and 9702"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Schneider Electric"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-79: Failure to Preserve Web Page Structure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/",
            "refsource": "CONFIRM",
            "url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:andover_continuum_9680_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:andover_continuum_9680:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:andover_continuum_5740_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:andover_continuum_5740:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:andover_continuum_5720_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:andover_continuum_5720:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:andover_continuum_bcx4040_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:andover_continuum_bcx4040:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:andover_continuum_bcx9640_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:andover_continuum_bcx9640:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:andover_continuum_9900_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:andover_continuum_9900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:andover_continuum_9940_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:andover_continuum_9940:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:andover_continuum_9941_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:andover_continuum_9941:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:andover_continuum_9924_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:andover_continuum_9924:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:andover_continuum_9702_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:andover_continuum_9702:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:andover_continuum_9200_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:andover_continuum_9200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2019-6853"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-12-03T21:16Z",
      "publishedDate": "2019-11-20T22:15Z"
    }
  }
}

var-201911-0880

Vulnerability from variot

A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server. Andover Continuum Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Schneider Electric Andover Continuum is a set of building automation solutions from Schneider Electric of France. The product includes functions such as heating ventilation and air conditioning and access control. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0880",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "andover continuum 5740",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 9680",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 5720",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 9200",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 9702",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum bcx4040",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum bcx9640",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 9900",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 9941",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 9924",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 9940",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 5720",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 5740",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 9680",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 9702",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 9900",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 9924",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 9940",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum 9941",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum bcx4040",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "andover continuum bcx9640",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric andover continuum",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "9924"
      },
      {
        "model": "electric andover continuum",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "9702"
      },
      {
        "model": "electric andover continuum",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "9680"
      },
      {
        "model": "electric andover continuum",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "5740"
      },
      {
        "model": "electric andover continuum bcx4040",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric andover continuum bcx9640",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric andover continuum",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "9900"
      },
      {
        "model": "electric andover continuum",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "9940"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "andover continuum 9680",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "andover continuum 9702",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "andover continuum 9200",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "andover continuum 5740",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "andover continuum 5720",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "andover continuum bcx4040",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "andover continuum bcx9640",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "andover continuum 9900",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "andover continuum 9940",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "andover continuum 9941",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "andover continuum 9924",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b797c169-264e-46d5-b55d-7367808e66c8"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1208"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6853"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:andover_continuum_5720_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:andover_continuum_5740_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:andover_continuum_9680_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:andover_continuum_9702_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:andover_continuum_9900_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:andover_continuum_9924_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:andover_continuum_9940_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:andover_continuum_9941_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:andover_continuum_bcx4040_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:andover_continuum_bcx9640_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012543"
      }
    ]
  },
  "cve": "CVE-2019-6853",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-6853",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2019-45006",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "b797c169-264e-46d5-b55d-7367808e66c8",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-6853",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2019-6853",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6853",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6853",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-45006",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201911-1208",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "b797c169-264e-46d5-b55d-7367808e66c8",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b797c169-264e-46d5-b55d-7367808e66c8"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1208"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6853"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server. Andover Continuum Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Schneider Electric Andover Continuum is a set of building automation solutions from Schneider Electric of France. The product includes functions such as heating ventilation and air conditioning and access control. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012543"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45006"
      },
      {
        "db": "IVD",
        "id": "b797c169-264e-46d5-b55d-7367808e66c8"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6853",
        "trust": 3.2
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2019-316-01",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45006",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1208",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012543",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "B797C169-264E-46D5-B55D-7367808E66C8",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b797c169-264e-46d5-b55d-7367808e66c8"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1208"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6853"
      }
    ]
  },
  "id": "VAR-201911-0880",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "b797c169-264e-46d5-b55d-7367808e66c8"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45006"
      }
    ],
    "trust": 1.390277775
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b797c169-264e-46d5-b55d-7367808e66c8"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45006"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:29:50.567000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2019-316-01",
        "trust": 0.8,
        "url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012543"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012543"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6853"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6853"
      },
      {
        "trust": 1.6,
        "url": "https://www.se.com/ww/en/download/document/sevd-2019-316-01/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6853"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-45006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1208"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6853"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "b797c169-264e-46d5-b55d-7367808e66c8"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1208"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6853"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-12T00:00:00",
        "db": "IVD",
        "id": "b797c169-264e-46d5-b55d-7367808e66c8"
      },
      {
        "date": "2019-11-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-45006"
      },
      {
        "date": "2019-12-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012543"
      },
      {
        "date": "2019-11-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1208"
      },
      {
        "date": "2019-11-20T22:15:12.107000",
        "db": "NVD",
        "id": "CVE-2019-6853"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-45006"
      },
      {
        "date": "2019-12-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012543"
      },
      {
        "date": "2019-12-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1208"
      },
      {
        "date": "2024-11-21T04:47:17.047000",
        "db": "NVD",
        "id": "CVE-2019-6853"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1208"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Andover Continuum Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "b797c169-264e-46d5-b55d-7367808e66c8"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-45006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1208"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1208"
      }
    ],
    "trust": 0.6
  }
}

ghsa-pc4q-2v2h-h23c

Vulnerability from github

Published

2022-05-24 17:01

Modified

2024-04-04 02:40

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6853"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-20T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.",
  "id": "GHSA-pc4q-2v2h-h23c",
  "modified": "2024-04-04T02:40:14Z",
  "published": "2022-05-24T17:01:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6853"
    },
    {
      "type": "WEB",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2019-6853

Vulnerability from fkie_nvd

Published

2019-11-20 22:15

Modified

2024-11-21 04:47

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2019-316-01/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2019-316-01/	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	andover_continuum_9680_firmware	-
schneider-electric	andover_continuum_9680	-
schneider-electric	andover_continuum_5740_firmware	-
schneider-electric	andover_continuum_5740	-
schneider-electric	andover_continuum_5720_firmware	-
schneider-electric	andover_continuum_5720	-
schneider-electric	andover_continuum_bcx4040_firmware	-
schneider-electric	andover_continuum_bcx4040	-
schneider-electric	andover_continuum_bcx9640_firmware	-
schneider-electric	andover_continuum_bcx9640	-
schneider-electric	andover_continuum_9900_firmware	-
schneider-electric	andover_continuum_9900	-
schneider-electric	andover_continuum_9940_firmware	-
schneider-electric	andover_continuum_9940	-
schneider-electric	andover_continuum_9941_firmware	-
schneider-electric	andover_continuum_9941	-
schneider-electric	andover_continuum_9924_firmware	-
schneider-electric	andover_continuum_9924	-
schneider-electric	andover_continuum_9702_firmware	-
schneider-electric	andover_continuum_9702	-
schneider-electric	andover_continuum_9200_firmware	-
schneider-electric	andover_continuum_9200	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9680_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CABA87DF-4D29-41D5-9C04-FCE822E08548",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9680:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB64C97-4C76-4EA1-81BA-BECABB36882F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_5740_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3FCDE6F-3C90-4494-A768-B9556822555E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_5740:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D425EDA6-288C-4F66-B1E8-D47B52C45371",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_5720_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAEA00E-C3B6-42B2-823B-5722033E0C46",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_5720:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD829769-A8A2-4362-83F0-DD8C0C66124C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_bcx4040_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80F1F9E-89E3-4263-AEA6-555226B412B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_bcx4040:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CB3D1AD-9BAE-4DA5-B32B-63F1A2FEE30B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_bcx9640_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2B69F42-8AF8-47AA-ABCC-6FCB2ACF8A2B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_bcx9640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A0F10A1-AC1F-425B-90D4-ECFFEFF8A6F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9900_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "373C69FE-14ED-4D75-9E60-BFE90F111D19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49764811-1299-4612-B19E-5D9BE4005186",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9940_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7979C28-2D31-4024-B9F9-5BA824D29216",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9940:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C7C825C-CAB3-4465-B7B8-380E1A20AC0A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9941_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAE3F03-CECB-4B21-987E-B9B7EB1BF3B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9941:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD997D7-5A18-4983-BA8C-D29AA27843C6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9924_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB62B8D7-1157-460B-95A8-DF6F553949CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9924:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FB35B6B-69DC-4A8A-AE3E-CA9A6127B080",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9702_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "14FDC5C2-695A-4349-B392-82AA8459115B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9702:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F721BC6-0CA1-4431-853D-B2D923A66751",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9200_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FC56178-69E7-47BC-9965-25EC3CCD7C05",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE93F39-BF30-42EF-8387-4C060F075D49",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server."
    },
    {
      "lang": "es",
      "value": "Una CWE-79: Se presenta una vulnerabilidad de Fallo al Preservar la Estructura de la P\u00e1gina Web en Andover Continuum (modelos 9680, 5740 y 5720, bCX4040, bCX9640, 9900, 9940, 9924 y 9702), lo que podr\u00eda permitir un ataque de tipo Cross-site Scripting (XSS) cuando se utiliza el servidor web de productos."
    }
  ],
  "id": "CVE-2019-6853",
  "lastModified": "2024-11-21T04:47:17.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-20T22:15:12.107",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-6853 (GCVE-0-2019-6853)

Vulnerability from cvelistv5

CERTFR-2019-AVI-562

Vulnerability from certfr_avis

Solution

gsd-2019-6853

Vulnerability from gsd

var-201911-0880

Vulnerability from variot

ghsa-pc4q-2v2h-h23c

Vulnerability from github

fkie_cve-2019-6853

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature