var-202001-1872
Vulnerability from variot
An Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers. Schneider Electric EcoStruxure Control Expert (formerly known as Unity Pro) and Unity Pro are products of the French company Schneider Electric. Schneider Electric EcoStruxure Control Expert is a set of programming software for Schneider Electric logic controller products. Unity Pro is a set of universal programming, debugging and operating software for the Modicon Premium, Atrium and Quantum PLC series. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a network system or product. No further technical details about the vulnerability are available at this time.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1872", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "modicon m580 bmep582020", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m580 bmep586040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m580 
bmep583040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "ecostruxure control expert", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "14.1" }, { "model": "modicon m580 bmeh582040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m340 bmxp3420102", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.20" }, { "model": "modicon m580 bmep584040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m580 bmeh586040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m340 bmxp3420302", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.20" }, { "model": "modicon m340 bmxp342020", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.20" }, { "model": "modicon m340 bmxp341000", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.20" }, { "model": "modicon m580 bmep584020", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m580 bmep585040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m580 bmep582040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m580 bmep581020", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m580 bmeh584040s", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m580 bmep583020", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m580 bmep584040s", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m580 bmep582040s", "scope": "lt", "trust": 1.0, "vendor": "schneider 
electric", "version": "3.10" }, { "model": "unity pro", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "modicon m580 bmeh586040s", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m580 bmeh584040", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m340 bmxp342000", "scope": "lt", "trust": 1.0, "vendor": "schneider electric", "version": "3.20" }, { "model": "ecostruxure control expert", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "14.1" }, { "model": "ecostruxure control expert", "scope": "eq", "trust": 0.8, "vendor": "schneider electric", "version": "14.0" }, { "model": "unity pro", "scope": null, "trust": 0.8, "vendor": "schneider electric", "version": null }, { "model": "electric unity pro", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "electric ecostruxure control expert", "scope": "eq", "trust": 0.6, "vendor": "schneider", "version": "14.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-03779" }, { "db": "JVNDB", "id": "JVNDB-2019-014098" }, { "db": "NVD", "id": "CVE-2019-6855" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:schneider_electric:ecostruxure_control_expert", "vulnerable": true }, { "cpe22Uri": "cpe:/a:schneider_electric:unity_pro", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014098" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rongkuan Ma, 
Xin Che and Peng Cheng (Zhejiang University)", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-140" } ], "trust": 0.6 }, "cve": "CVE-2019-6855", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-6855", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-03779", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-158290", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": 
"2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "id": "CVE-2019-6855", "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 7.3, "baseSeverity": "High", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2019-6855", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-6855", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-6855", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-03779", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202001-140", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201912-831", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-158290", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-03779" }, { "db": "VULHUB", "id": "VHN-158290" }, { "db": "JVNDB", "id": "JVNDB-2019-014098" }, { "db": "CNNVD", "id": "CNNVD-202001-140" }, { "db": "CNNVD", "id": "CNNVD-201912-831" }, { "db": "NVD", "id": "CVE-2019-6855" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions 
prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers. Schneider Electric EcoStruxure Control Expert (formerly known as Unity Pro) and Unity Pro are products of the French company Schneider Electric. Schneider Electric EcoStruxure Control Expert is a set of programming software for Schneider Electric logic controller products. Unity Pro is a set of universal programming, debugging and operating software for the Modicon Premium, Atrium and Quantum PLC series. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a network system or product. No detailed vulnerability details are provided at this time", "sources": [ { "db": "NVD", "id": "CVE-2019-6855" }, { "db": "JVNDB", "id": "JVNDB-2019-014098" }, { "db": "CNVD", "id": "CNVD-2020-03779" }, { "db": "VULHUB", "id": "VHN-158290" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-6855", "trust": 3.7 }, { "db": "SCHNEIDER", "id": "SEVD-2019-344-02", "trust": 2.3 }, { "db": "JVNDB", "id": "JVNDB-2019-014098", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201912-831", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202001-140", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-03779", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-158290", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-03779" }, { "db": "VULHUB", "id": "VHN-158290" }, { "db": "JVNDB", "id": "JVNDB-2019-014098" }, { "db": "CNNVD", "id": "CNNVD-202001-140" }, { "db": "CNNVD", "id": "CNNVD-201912-831" }, { "db": "NVD", "id": "CVE-2019-6855" } ] }, 
"id": "VAR-202001-1872", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-03779" }, { "db": "VULHUB", "id": "VHN-158290" } ], "trust": 1.4310185 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-03779" } ] }, "last_update_date": "2024-11-23T22:29:47.024000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2019-344-02", "trust": 0.8, "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-02" }, { "title": "Patch for Schneider Electric EcoStruxure Control Expert and Unity Pro Licensing Issue Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/199155" }, { "title": "Schneider Electric EcoStruxure Control Expert and Unity Pro Remediation measures for authorization problem vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=108294" }, { "title": "Schneider Electric EcoStruxure Control Expert Remediation measures for authorization problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105932" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-03779" }, { "db": "JVNDB", "id": "JVNDB-2019-014098" }, { "db": "CNNVD", "id": "CNNVD-202001-140" }, { "db": "CNNVD", "id": "CNNVD-201912-831" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-863", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-158290" }, { "db": "JVNDB", "id": "JVNDB-2019-014098" }, { "db": "NVD", "id": "CVE-2019-6855" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6855" }, { "trust": 2.3, "url": "https://www.se.com/ww/en/download/document/sevd-2019-344-02/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6855" }, { "trust": 0.6, "url": "https://www.se.com/ww/en/download/document/sevd-2019-344-02" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18181" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-03779" }, { "db": "VULHUB", "id": "VHN-158290" }, { "db": "JVNDB", "id": "JVNDB-2019-014098" }, { "db": "CNNVD", "id": "CNNVD-202001-140" }, { "db": "CNNVD", "id": "CNNVD-201912-831" }, { "db": "NVD", "id": "CVE-2019-6855" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-03779" }, { "db": "VULHUB", "id": "VHN-158290" }, { "db": "JVNDB", "id": "JVNDB-2019-014098" }, { "db": "CNNVD", "id": "CNNVD-202001-140" }, { "db": "CNNVD", "id": "CNNVD-201912-831" }, { "db": "NVD", "id": "CVE-2019-6855" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-05T00:00:00", "db": "CNVD", "id": "CNVD-2020-03779" }, { "date": "2020-01-06T00:00:00", "db": "VULHUB", "id": "VHN-158290" }, { "date": "2020-01-31T00:00:00", "db": "JVNDB", "id": 
"JVNDB-2019-014098" }, { "date": "2020-01-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-140" }, { "date": "2019-12-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201912-831" }, { "date": "2020-01-06T23:15:11.237000", "db": "NVD", "id": "CVE-2019-6855" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-05T00:00:00", "db": "CNVD", "id": "CNVD-2020-03779" }, { "date": "2021-12-10T00:00:00", "db": "VULHUB", "id": "VHN-158290" }, { "date": "2020-01-31T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014098" }, { "date": "2022-11-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202001-140" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201912-831" }, { "date": "2024-11-21T04:47:17.287000", "db": "NVD", "id": "CVE-2019-6855" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-140" }, { "db": "CNNVD", "id": "CNNVD-201912-831" } ], "trust": 1.2 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "EcoStruxure Control Expert and Unity Pro Vulnerable to unauthorized authentication", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014098" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202001-140" }, { "db": "CNNVD", "id": "CNNVD-201912-831" } ], "trust": 1.2 } }