cvelistv5 - cve-2019-6854

CVE-2019-6854 (GCVE-0-2019-6854)

Vulnerability from cvelistv5

Published

2020-01-06 22:56

Modified

2024-08-04 20:31

Severity ?

CWE

CWE-287 - Improper Authentication

Summary

References

▼	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2019-344-05/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2019-344-05/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)	Version: EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:31:04.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-19T12:10:47",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2019-6854",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287: Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2019-6854",
    "datePublished": "2020-01-06T22:56:53",
    "dateReserved": "2019-01-25T00:00:00",
    "dateUpdated": "2024-08-04T20:31:04.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-6854\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2020-01-06T23:15:11.033\",\"lastModified\":\"2024-11-21T04:47:17.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.\"},{\"lang\":\"es\",\"value\":\"CWE-287: Se presenta una vulnerabilidad de autenticaci\u00f3n inapropiada en una carpeta dentro de EcoStruxure Geo SCADA Expert (ClearSCADA), con versiones iniciales anteriores al 1 de enero de 2019, lo que podr\u00eda causar que un usuario con poco privilegio elimine o modifique archivos de bases de datos, configuraciones o certificados . Esos usuarios necesitan tener acceso al sistema de archivos de ese sistema operativo para explotar esta vulnerabilidad. Las versiones afectadas en el soporte actual incluyen ClearSCADA versi\u00f3n 2017 R3, ClearSCADA versi\u00f3n 2017 R2 y ClearSCADA versi\u00f3n 2017\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:clearscada:2017:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCC1A189-4500-4EEC-896E-7833225EAF65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:clearscada:2017:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F342A21-0F75-44C1-97D4-38F3E54B0F0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:clearscada:2017:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA1BF60B-98A0-43CE-8C3B-122FB713ABBD\"}]}]}],\"references\":[{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2019-344-05/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2019-344-05/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

ghsa-hwwq-6fg7-74h6

Vulnerability from github

Published

2022-05-24 17:05

Modified

2022-05-24 17:05

Details

A CWE-264 Permissions, Privileges, and Access Controls vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6854"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-06T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-264 Permissions, Privileges, and Access Controls vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.",
  "id": "GHSA-hwwq-6fg7-74h6",
  "modified": "2022-05-24T17:05:44Z",
  "published": "2022-05-24T17:05:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6854"
    },
    {
      "type": "WEB",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2019-6854

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-6854

Aliases

CVE-2019-6854

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6854",
    "description": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.",
    "id": "GSD-2019-6854"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6854"
      ],
      "details": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.",
      "id": "GSD-2019-6854",
      "modified": "2023-12-13T01:23:49.454905Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2019-6854",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-287: Improper Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/",
            "refsource": "MISC",
            "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2017:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2017:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2017:r3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2019-6854"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-11-03T19:23Z",
      "publishedDate": "2020-01-06T23:15Z"
    }
  }
}

var-202001-1852

Vulnerability from variot

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017. ClearSCADA Contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Schneider Electric EcoStruxure Geo SCADA Expert (EcoStruxure Geo SCADA Expert) is a set of data acquisition and monitoring software (SCADA) from Schneider Electric (France).

The folders in Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA) are vulnerable to permission permissions and access control issues. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. No detailed vulnerability details are provided at this time. Attackers can exploit this vulnerability to delete or modify database, configuration and certificate files

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1852",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "2017"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2017 r2"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2017 r3"
      },
      {
        "model": "electric clearscada r3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2017"
      },
      {
        "model": "electric clearscada r2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2017"
      },
      {
        "model": "electric clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2017"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:schneider_electric:clearscada",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "William Knowles(Lancaster University)",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6854",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6854",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2020-03775",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-158289",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-6854",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6854",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6854",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6854",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-03775",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-138",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-828",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158289",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017. ClearSCADA Contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Schneider Electric EcoStruxure Geo SCADA Expert (EcoStruxure Geo SCADA Expert) is a set of data acquisition and monitoring software (SCADA) from Schneider Electric (France). \n\r\n\r\nThe folders in Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA) are vulnerable to permission permissions and access control issues. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. No detailed vulnerability details are provided at this time. Attackers can exploit this vulnerability to delete or modify database, configuration and certificate files",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158289"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6854",
        "trust": 3.7
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2019-344-05",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-828",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-158289",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      }
    ]
  },
  "id": "VAR-202001-1852",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158289"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:55:17.926000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2019-344-05",
        "trust": 0.8,
        "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
      },
      {
        "title": "Patch for Schneider Electric EcoStruxure Geo SCADA Expert Privilege Permission and Access Control Issue Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/199157"
      },
      {
        "title": "Schneider Electric EcoStruxure Geo SCADA Expert Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=108293"
      },
      {
        "title": "Schneider Electric EcoStruxure Geo SCADA Expert Fixes for permissions and access control issues vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105539"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      },
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6854"
      },
      {
        "trust": 2.3,
        "url": "https://www.se.com/ww/en/download/document/sevd-2019-344-05/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6854"
      },
      {
        "trust": 0.6,
        "url": "https://www.se.com/ww/en/download/document/sevd-2019-344-05"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "date": "2020-01-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158289"
      },
      {
        "date": "2020-02-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "date": "2020-01-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "date": "2019-12-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      },
      {
        "date": "2020-01-06T23:15:11.033000",
        "db": "NVD",
        "id": "CVE-2019-6854"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "date": "2021-11-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158289"
      },
      {
        "date": "2020-02-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "date": "2022-11-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "date": "2021-11-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      },
      {
        "date": "2024-11-21T04:47:17.170000",
        "db": "NVD",
        "id": "CVE-2019-6854"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ClearSCADA Vulnerabilities in authentication",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2019-6854

Vulnerability from fkie_nvd

Published

2020-01-06 23:15

Modified

2024-11-21 04:47

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2019-344-05/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2019-344-05/	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	clearscada	2017
schneider-electric	clearscada	2017
schneider-electric	clearscada	2017

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:clearscada:2017:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC1A189-4500-4EEC-896E-7833225EAF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:clearscada:2017:r2:*:*:*:*:*:*",
              "matchCriteriaId": "3F342A21-0F75-44C1-97D4-38F3E54B0F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:clearscada:2017:r3:*:*:*:*:*:*",
              "matchCriteriaId": "AA1BF60B-98A0-43CE-8C3B-122FB713ABBD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017."
    },
    {
      "lang": "es",
      "value": "CWE-287: Se presenta una vulnerabilidad de autenticaci\u00f3n inapropiada en una carpeta dentro de EcoStruxure Geo SCADA Expert (ClearSCADA), con versiones iniciales anteriores al 1 de enero de 2019, lo que podr\u00eda causar que un usuario con poco privilegio elimine o modifique archivos de bases de datos, configuraciones o certificados . Esos usuarios necesitan tener acceso al sistema de archivos de ese sistema operativo para explotar esta vulnerabilidad. Las versiones afectadas en el soporte actual incluyen ClearSCADA versi\u00f3n 2017 R3, ClearSCADA versi\u00f3n 2017 R2 y ClearSCADA versi\u00f3n 2017"
    }
  ],
  "id": "CVE-2019-6854",
  "lastModified": "2024-11-21T04:47:17.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-06T23:15:11.033",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2020-03775

Vulnerability from cnvd

Title: Schneider Electric EcoStruxure Geo SCADA Expert权限许可和访问控制问题漏洞

Description:

Schneider Electric EcoStruxure Geo SCADA Expert（EcoStruxure Geo SCADA Expert）是法国施耐德电气（Schneider Electric）公司的一套数据采集和监控软件（SCADA）.

Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA)中的文件夹存在权限许可和访问控制问题漏洞。该漏洞源于网络系统或产品缺乏有效的权限许可和访问控制措施。目前没有详细漏洞细节提供。

Severity: 中

Patch Name: Schneider Electric EcoStruxure Geo SCADA Expert权限许可和访问控制问题漏洞的补丁

Patch Description:

Schneider Electric EcoStruxure Geo SCADA Expert（EcoStruxure Geo SCADA Expert）是法国施耐德电气（Schneider Electric）公司的一套数据采集和监控软件（SCADA）.

Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA)中的文件夹存在权限许可和访问控制问题漏洞。该漏洞源于网络系统或产品缺乏有效的权限许可和访问控制措施。目前没有详细漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.se.com/ww/en/download/document/SEVD-2019-344-05

Reference: ttps://nvd.nist.gov/vuln/detail/CVE-2019-6854

Impacted products

Name
['Schneider Electric ClearSCADA 2017 R3', 'Schneider Electric ClearSCADA 2017 R2', 'Schneider Electric ClearSCADA 2017']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6854"
    }
  },
  "description": "Schneider Electric EcoStruxure Geo SCADA Expert\uff08EcoStruxure Geo SCADA Expert\uff09\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u91c7\u96c6\u548c\u76d1\u63a7\u8f6f\u4ef6\uff08SCADA\uff09.\n\nSchneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA)\u4e2d\u7684\u6587\u4ef6\u5939\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7f3a\u4e4f\u6709\u6548\u7684\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u63aa\u65bd\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.se.com/ww/en/download/document/SEVD-2019-344-05",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-03775",
  "openTime": "2020-02-05",
  "patchDescription": "Schneider Electric EcoStruxure Geo SCADA Expert\uff08EcoStruxure Geo SCADA Expert\uff09\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u91c7\u96c6\u548c\u76d1\u63a7\u8f6f\u4ef6\uff08SCADA\uff09.\r\n\r\nSchneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA)\u4e2d\u7684\u6587\u4ef6\u5939\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7f3a\u4e4f\u6709\u6548\u7684\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u63aa\u65bd\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric EcoStruxure Geo SCADA Expert\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Schneider Electric ClearSCADA 2017 R3",
      "Schneider Electric ClearSCADA 2017 R2",
      "Schneider Electric ClearSCADA 2017"
    ]
  },
  "referenceLink": "ttps://nvd.nist.gov/vuln/detail/CVE-2019-6854",
  "serverity": "\u4e2d",
  "submitTime": "2020-01-07",
  "title": "Schneider Electric EcoStruxure Geo SCADA Expert\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-6854 (GCVE-0-2019-6854)

Vulnerability from cvelistv5

ghsa-hwwq-6fg7-74h6

Vulnerability from github

gsd-2019-6854

Vulnerability from gsd

var-202001-1852

Vulnerability from variot

fkie_cve-2019-6854

Vulnerability from fkie_nvd

cnvd-2020-03775

Vulnerability from cnvd

Tags

Sightings

Nomenclature