cnvd-2019-15887
Vulnerability from cnvd
Title: 多款Schneider Electric产品访问控制错误漏洞
Description:
Schneider Electric Modicon M100等都是法国施耐德电气(Schneider Electric)公司的产品。Schneider Electric Modicon M100是一款可编程逻辑控制器。Schneider Electric Modicon LMC078是一款用于运动控制器。Schneider Electric ATV IMC drive controller是一款驱动控制器。
多款Schneider Electric产品中存在访问控制错误漏洞。该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问,可能导致修改设备IP配置(IP地址,网络掩码和网关IP地址)。
Severity: 中
Formal description:
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://www.schneider-electric.com/
Reference: https://web.nvd.nist.gov//vuln/detail/CVE-2019-6820
Impacted products
| Name | ['Schneider Electric Modicon M258', 'Schneider Electric Modicon LMC058', 'Schneider Electric Modicon LMC078', 'Schneider Electric PacDrive Eco', 'Schneider Electric PacDrive Pro', 'Schneider Electric PacDrive Pro2', 'Schneider Electric Modicon M200', 'Schneider Electric Modicon M221', 'Schneider Electric ATV IMC drive controller', 'Schneider Electric Modicon M241', 'Schneider Electric Modicon M251'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-6820",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6820"
}
},
"description": "Schneider Electric Modicon M100\u7b49\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Schneider Electric Modicon M100\u662f\u4e00\u6b3e\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u3002Schneider Electric Modicon LMC078\u662f\u4e00\u6b3e\u7528\u4e8e\u8fd0\u52a8\u63a7\u5236\u5668\u3002Schneider Electric ATV IMC drive controller\u662f\u4e00\u6b3e\u9a71\u52a8\u63a7\u5236\u5668\u3002\n\n\u591a\u6b3eSchneider Electric\u4ea7\u54c1\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u9650\u5236\u6765\u81ea\u672a\u6388\u6743\u89d2\u8272\u7684\u8d44\u6e90\u8bbf\u95ee\uff0c\u53ef\u80fd\u5bfc\u81f4\u4fee\u6539\u8bbe\u5907IP\u914d\u7f6e\uff08IP\u5730\u5740\uff0c\u7f51\u7edc\u63a9\u7801\u548c\u7f51\u5173IP\u5730\u5740\uff09\u3002",
"discovererName": "Schneider Electric",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.schneider-electric.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-15887",
"openTime": "2019-05-30",
"products": {
"product": [
"Schneider Electric Modicon M258",
"Schneider Electric Modicon LMC058",
"Schneider Electric Modicon LMC078",
"Schneider Electric PacDrive Eco",
"Schneider Electric PacDrive Pro",
"Schneider Electric PacDrive Pro2",
"Schneider Electric Modicon M200",
"Schneider Electric Modicon M221",
"Schneider Electric ATV IMC drive controller",
"Schneider Electric Modicon M241",
"Schneider Electric Modicon M251"
]
},
"referenceLink": "https://web.nvd.nist.gov//vuln/detail/CVE-2019-6820",
"serverity": "\u4e2d",
"submitTime": "2019-05-22",
"title": "\u591a\u6b3eSchneider Electric\u4ea7\u54c1\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…