cvelistv5 - cve-2019-6832

CVE-2019-6832 (GCVE-0-2019-6832)

Vulnerability from cvelistv5

Published

2019-09-17 19:31

Modified

2024-08-04 20:31

Severity ?

CWE

CWE-287 - Authentication

Summary

References

URL

ghsa-754f-pvcx-m72f

Vulnerability from github

Published

2022-05-24 16:56

Modified

2022-09-04 00:00

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6832"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-17T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication.",
  "id": "GHSA-754f-pvcx-m72f",
  "modified": "2022-09-04T00:00:23Z",
  "published": "2022-05-24T16:56:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6832"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2019-6832

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-6832

Aliases

CVE-2019-6832

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6832",
    "description": "A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication.",
    "id": "GSD-2019-6832"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6832"
      ],
      "details": "A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication.",
      "id": "GSD-2019-6832",
      "modified": "2023-12-13T01:23:49.495291Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2019-6832",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "spaceLYnk",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "all versions before 2.4.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Wiser for KNX",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "all versions before 2.4.0 - formerly known as homeLYnk"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Schneider Electric SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-287: Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/",
            "refsource": "CONFIRM",
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:wiser_for_knx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.4.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:lss100100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:spacelynk_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.4.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:lss100200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2019-6832"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.5
        }
      },
      "lastModifiedDate": "2022-09-03T03:43Z",
      "publishedDate": "2019-09-17T20:15Z"
    }
  }
}

fkie_cve-2019-6832

Vulnerability from fkie_nvd

Published

2019-09-17 20:15

Modified

2024-11-21 04:47

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Summary

References

	URL	Tags
	cybersecurity@se.com	https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	wiser_for_knx_firmware	*
schneider-electric	lss100100	-
schneider-electric	spacelynk_firmware	*
schneider-electric	lss100200	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:wiser_for_knx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F3391F-8C1E-4A9D-B132-54A5B8CE6D20",
              "versionEndExcluding": "2.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:lss100100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08F4CDA1-427C-4EF3-B9BE-0DD8CBA81A2D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:spacelynk_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "101D3290-C8D8-43A7-A50B-B38EA90073FC",
              "versionEndExcluding": "2.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:lss100200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94DF1B52-1609-4985-B670-BC6AE5675E19",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication."
    },
    {
      "lang": "es",
      "value": "A CWE-287: Se presenta vulnerabilidad de Autenticaci\u00f3n en spaceLYnk (todas las versiones anteriores a 2.4.0) y Wiser for KNX (todas las versiones anteriores a 2.4.0 - anteriormente conocido como homeLYnk), lo que podr\u00eda causar la p\u00e9rdida de control cuando un atacante omite la autenticaci\u00f3n."
    }
  ],
  "id": "CVE-2019-6832",
  "lastModified": "2024-11-21T04:47:14.493",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-17T20:15:12.407",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	EcoStruxure Machine Expert HVAC (anciennement SoMachine HVAC) versions antérieures à 1.1.0
Schneider Electric	N/A	Wiser for KNX (anciennement homeLYnk) versions antérieures à 2.4.0
Schneider Electric	N/A	Modicon Premium
Schneider Electric	N/A	TelevisGO versions produites avant le 15 juillet 2019 et utilisant une version de UltraVNC, 1.0.9.6.1 et antérieure, sans le correctif de sécurité TelevisGo_HotFix_20190715.exe
Schneider Electric	N/A	Magelis HMIGTO series
Schneider Electric	N/A	Magelis XBTGH series
Schneider Electric	N/A	Magelis HMIGTUX series
Schneider Electric	N/A	Magelis XBTGC series
Schneider Electric	N/A	Modicon M580 versions antérieures à V2.90
Schneider Electric	N/A	Magelis HMIGTU series
Schneider Electric	N/A	BMXNOR0200H Ethernet / Serial RTU module
Schneider Electric	N/A	Magelis HMISTO series
Schneider Electric	N/A	Magelis HMISCU series
Schneider Electric	N/A	Magelis HMIGXO series
Schneider Electric	Modicon M340	Modicon M340 versions antérieures à V3.10
Schneider Electric	N/A	Schneider Electric Software Update (SESU) SUT Service component versions antérieures à 2.3.1
Schneider Electric	N/A	Magelis XBTGT series
Schneider Electric	N/A	Magelis HMIGXU series
Schneider Electric	N/A	Magelis HMISTU series
Schneider Electric	N/A	spaceLYnk versions antérieures à 2.4.0
Schneider Electric	N/A	Modicon Quantum

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2019-225-06 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-225-04 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-225-01 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-225-03 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-225-07 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-225-02 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-134-11 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-225-05 du 13 août 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "EcoStruxure Machine Expert HVAC (anciennement SoMachine HVAC) versions ant\u00e9rieures \u00e0 1.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Wiser for KNX (anciennement homeLYnk) versions ant\u00e9rieures \u00e0 2.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon Premium",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "TelevisGO versions produites avant le 15 juillet 2019 et utilisant une version de UltraVNC, 1.0.9.6.1 et ant\u00e9rieure, sans le correctif de s\u00e9curit\u00e9 TelevisGo_HotFix_20190715.exe",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMIGTO series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis XBTGH series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMIGTUX series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis XBTGC series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon M580 versions ant\u00e9rieures \u00e0 V2.90",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMIGTU series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "BMXNOR0200H Ethernet / Serial RTU module",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMISTO series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMISCU series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMIGXO series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon M340 versions ant\u00e9rieures \u00e0 V3.10",
      "product": {
        "name": "Modicon M340",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric Software Update (SESU) SUT Service component versions ant\u00e9rieures \u00e0 2.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis XBTGT series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMIGXU series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMISTU series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "spaceLYnk versions ant\u00e9rieures \u00e0 2.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon Quantum",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-15361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15361"
    },
    {
      "name": "CVE-2019-8262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8262"
    },
    {
      "name": "CVE-2019-8277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8277"
    },
    {
      "name": "CVE-2019-6828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6828"
    },
    {
      "name": "CVE-2019-8265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8265"
    },
    {
      "name": "CVE-2019-8269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8269"
    },
    {
      "name": "CVE-2019-8260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8260"
    },
    {
      "name": "CVE-2019-8263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8263"
    },
    {
      "name": "CVE-2019-6832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6832"
    },
    {
      "name": "CVE-2019-8261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8261"
    },
    {
      "name": "CVE-2019-8276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8276"
    },
    {
      "name": "CVE-2018-7846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7846"
    },
    {
      "name": "CVE-2019-8259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8259"
    },
    {
      "name": "CVE-2018-7842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7842"
    },
    {
      "name": "CVE-2018-7849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7849"
    },
    {
      "name": "CVE-2019-8271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8271"
    },
    {
      "name": "CVE-2019-6831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6831"
    },
    {
      "name": "CVE-2019-6813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6813"
    },
    {
      "name": "CVE-2019-6809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6809"
    },
    {
      "name": "CVE-2019-6829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6829"
    },
    {
      "name": "CVE-2018-7852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7852"
    },
    {
      "name": "CVE-2019-8267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8267"
    },
    {
      "name": "CVE-2019-6830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6830"
    },
    {
      "name": "CVE-2019-6810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6810"
    },
    {
      "name": "CVE-2018-7854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7854"
    },
    {
      "name": "CVE-2019-8280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8280"
    },
    {
      "name": "CVE-2018-7844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7844"
    },
    {
      "name": "CVE-2018-7847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7847"
    },
    {
      "name": "CVE-2018-7855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7855"
    },
    {
      "name": "CVE-2019-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8275"
    },
    {
      "name": "CVE-2019-8274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8274"
    },
    {
      "name": "CVE-2019-6808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6808"
    },
    {
      "name": "CVE-2019-6826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6826"
    },
    {
      "name": "CVE-2018-7850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7850"
    },
    {
      "name": "CVE-2018-7856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7856"
    },
    {
      "name": "CVE-2019-8266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8266"
    },
    {
      "name": "CVE-2019-8270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8270"
    },
    {
      "name": "CVE-2019-6834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6834"
    },
    {
      "name": "CVE-2019-68067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-68067"
    },
    {
      "name": "CVE-2018-7845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7845"
    },
    {
      "name": "CVE-2019-8258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8258"
    },
    {
      "name": "CVE-2018-7857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7857"
    },
    {
      "name": "CVE-2019-8264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8264"
    },
    {
      "name": "CVE-2019-6833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6833"
    },
    {
      "name": "CVE-2019-8272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8272"
    },
    {
      "name": "CVE-2019-8268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8268"
    },
    {
      "name": "CVE-2019-68077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-68077"
    },
    {
      "name": "CVE-2019-8273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8273"
    },
    {
      "name": "CVE-2018-7853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7853"
    },
    {
      "name": "CVE-2018-7843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7843"
    },
    {
      "name": "CVE-2018-7848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7848"
    }
  ],
  "initial_release_date": "2019-08-13T00:00:00",
  "last_revision_date": "2019-08-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-384",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-08-13T00:00:00.000000"
    },
    {
      "description": "Ajout du bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 13 ao\u00fbt 2019",
      "revision_date": "2019-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-06 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-06-SESU_SUT_Service.pdf\u0026p_Doc_Ref=SEVD-2019-225-06"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-04_SoMachine_HVAC_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-01 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-01-Magelis_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-03 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-03-Modicon-Ethernet+-Serial-RTU-Module-Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-07 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-07-spaceLYnk-homeLYnk.pdf\u0026p_Doc_Ref=SEVD-2019-225-07"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-02 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-02-Modicon_M340_Controllers_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-11 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-134-11-V2-Modicon-Controllers.pdf\u0026p_Doc_Ref=SEVD-2019-134-11"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-05 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-05-TelevisGO_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-05"
    }
  ]
}

cnvd-2020-28494

Vulnerability from cnvd

Title

Schneider Electric Wiser for KNX和spaceLYnk 授权问题漏洞

Description

Schneider Electric spaceLYnk和Wiser for KNX都是法国施耐德电气（Schneider Electric）公司的产品。spaceLYnk是一款可编程逻辑控制器。Wiser for KNX是一套家庭自动化控制系统 Schneider Electric spaceLYnk 2.4.0之前版本和Wiser for KNX 2.4.0之前版本存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Schneider Electric Wiser for KNX和spaceLYnk 授权问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/

Reference

https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/

Impacted products

Name
['Schneider Electric Schneider Electric spaceLYnk <2.4.0', 'Schneider Electric Wiser for KNX <2.4.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6832",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-6832"
    }
  },
  "description": "Schneider Electric spaceLYnk\u548cWiser for KNX\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002spaceLYnk\u662f\u4e00\u6b3e\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u3002Wiser for KNX\u662f\u4e00\u5957\u5bb6\u5ead\u81ea\u52a8\u5316\u63a7\u5236\u7cfb\u7edf\n\nSchneider Electric spaceLYnk 2.4.0\u4e4b\u524d\u7248\u672c\u548cWiser for KNX 2.4.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u63aa\u65bd\u6216\u8eab\u4efd\u9a8c\u8bc1\u5f3a\u5ea6\u4e0d\u8db3\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-28494",
  "openTime": "2020-05-17",
  "patchDescription": "Schneider Electric spaceLYnk\u548cWiser for KNX\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002spaceLYnk\u662f\u4e00\u6b3e\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u3002Wiser for KNX\u662f\u4e00\u5957\u5bb6\u5ead\u81ea\u52a8\u5316\u63a7\u5236\u7cfb\u7edf\r\n\r\nSchneider Electric spaceLYnk 2.4.0\u4e4b\u524d\u7248\u672c\u548cWiser for KNX 2.4.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u63aa\u65bd\u6216\u8eab\u4efd\u9a8c\u8bc1\u5f3a\u5ea6\u4e0d\u8db3\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric Wiser for KNX\u548cspaceLYnk \u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Schneider Electric Schneider Electric spaceLYnk \u003c2.4.0",
      "Schneider Electric Wiser for KNX \u003c2.4.0"
    ]
  },
  "referenceLink": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/",
  "serverity": "\u4e2d",
  "submitTime": "2019-09-23",
  "title": "Schneider Electric Wiser for KNX\u548cspaceLYnk \u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

var-201909-0048

Vulnerability from variot

A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. spaceLYnk and Wiser for KNX Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Schneider Electric spaceLYnk and Wiser for KNX are products of Schneider Electric in France. spaceLYnk is a programmable logic controller. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. There is currently no detailed vulnerability details provided

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0048",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "spacelynk",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "2.4.0"
      },
      {
        "model": "wiser for knx",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "2.4.0"
      },
      {
        "model": "electric schneider electric spacelynk",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2.4.0"
      },
      {
        "model": "electric wiser for knx",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2.4.0"
      },
      {
        "model": "lss100200",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "lss100100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28494"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-824"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6832"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:schneider_electric:spacelynk_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:schneider_electric:wiser_for_knx_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009524"
      }
    ]
  },
  "cve": "CVE-2019-6832",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-6832",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2020-28494",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-6832",
            "impactScore": 5.5,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 8.3,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6832",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6832",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6832",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-28494",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201909-824",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6832",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28494"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6832"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-824"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6832"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. spaceLYnk and Wiser for KNX Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Schneider Electric spaceLYnk and Wiser for KNX are products of Schneider Electric in France. spaceLYnk is a programmable logic controller. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. There is currently no detailed vulnerability details provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6832"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009524"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-28494"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6832"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6832",
        "trust": 3.1
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2019-225-07",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009524",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-28494",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-824",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6832",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28494"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6832"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-824"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6832"
      }
    ]
  },
  "id": "VAR-201909-0048",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28494"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28494"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:33:46.671000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2019-225-07",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/"
      },
      {
        "title": "Patch for Schneider Electric Wiser for KNX and spaceLYnk authorization issue vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/217743"
      },
      {
        "title": "Schneider Electric Wiser for KNX  and spaceLYnk Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98354"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28494"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-824"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009524"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6832"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-225-07/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6832"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6832"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-6832"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28494"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6832"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-824"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6832"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28494"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6832"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-824"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6832"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-28494"
      },
      {
        "date": "2019-09-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6832"
      },
      {
        "date": "2019-09-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-009524"
      },
      {
        "date": "2019-09-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-824"
      },
      {
        "date": "2019-09-17T20:15:12.407000",
        "db": "NVD",
        "id": "CVE-2019-6832"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-28494"
      },
      {
        "date": "2022-09-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6832"
      },
      {
        "date": "2019-09-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-009524"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-824"
      },
      {
        "date": "2024-11-21T04:47:14.493000",
        "db": "NVD",
        "id": "CVE-2019-6832"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-824"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "spaceLYnk and  Wiser for KNX Authentication vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009524"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-824"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-6832 (GCVE-0-2019-6832)

Vulnerability from cvelistv5

ghsa-754f-pvcx-m72f

Vulnerability from github

gsd-2019-6832

Vulnerability from gsd

fkie_cve-2019-6832

Vulnerability from fkie_nvd

CERTFR-2019-AVI-384

Vulnerability from certfr_avis

Solution

cnvd-2020-28494

Vulnerability from cnvd

var-201909-0048

Vulnerability from variot

Tags

Sightings

Nomenclature