Details of VAR-201610-0696

ID

VAR-201610-0696

TITLE

Schneider Electric TSXP572634M model PLC bypasses authentication vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-07650

DESCRIPTION

Schneider Electric Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. After the configuration software is connected to the PLC, all computers that have successfully connected to the PLC can operate the PLC through the coil writing operation of the 90 function code. As a result, the verification process of the PLC will be bypassed and there will be security loopholes. An unauthorized operation was performed due to certain security restrictions

Trust: 0.72

sources: CNVD: CNVD-2016-07650 // IVD: 1a154a27-c442-40c9-967a-8e56cf73f371

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 1a154a27-c442-40c9-967a-8e56cf73f371 // CNVD: CNVD-2016-07650

AFFECTED PRODUCTS

vendor:	schneider	model:	electric tsxp572634m models	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric tsxp572634m model	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 1a154a27-c442-40c9-967a-8e56cf73f371 // CNVD: CNVD-2016-07650

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-07650
value:	HIGH
Trust: 0.6
IVD:	1a154a27-c442-40c9-967a-8e56cf73f371
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2016-07650
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	1a154a27-c442-40c9-967a-8e56cf73f371
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 1a154a27-c442-40c9-967a-8e56cf73f371 // CNVD: CNVD-2016-07650

TYPE

Permission permission and access control

Trust: 0.2

sources: IVD: 1a154a27-c442-40c9-967a-8e56cf73f371

EXTERNAL IDS

db:	CNVD	id:	CNVD-2016-07650	Trust: 0.8
db:	IVD	id:	1A154A27-C442-40C9-967A-8E56CF73F371	Trust: 0.2

sources: IVD: 1a154a27-c442-40c9-967a-8e56cf73f371 // CNVD: CNVD-2016-07650

SOURCES

db:	IVD	id:	1a154a27-c442-40c9-967a-8e56cf73f371
db:	CNVD	id:	CNVD-2016-07650

LAST UPDATE DATE

2022-05-17T01:41:09.098000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-07650

date:

2016-11-10T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	1a154a27-c442-40c9-967a-8e56cf73f371	date:	2016-10-26T00:00:00
db:	CNVD	id:	CNVD-2016-07650	date:	2016-11-02T00:00:00