ID

VAR-201907-0068


CVE

CVE-2019-6823


TITLE

ProClima Code injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006405

DESCRIPTION

A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. ProClima contains a code injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric ProClima is a heat calculation software package from Schneider Electric, France. This software provides thermal management functions for the environment and for electrical/electronic equipment installed in the control panel by analyzing specified thermal data. The vulnerability stems from the network system or product not correctly filtering special elements when constructing code segments from external input data. Attackers can exploit this vulnerability to generate illegal code segments and modify the expected execution control flow of network systems or components.

Trust: 1.8

sources: NVD: CVE-2019-6823 // JVNDB: JVNDB-2019-006405 // VULHUB: VHN-158258 // VULMON: CVE-2019-6823

AFFECTED PRODUCTS

vendor: schneider electric, model: proclima, scope: lt, version: 8.0.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-006405 // NVD: CVE-2019-6823

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-6823
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-6823
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201907-780
value: CRITICAL

Trust: 0.6

VULHUB: VHN-158258
value: HIGH

Trust: 0.1

VULMON: CVE-2019-6823
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-6823
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-158258
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-6823
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-6823
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158258 // VULMON: CVE-2019-6823 // JVNDB: JVNDB-2019-006405 // CNNVD: CNNVD-201907-780 // NVD: CVE-2019-6823

PROBLEMTYPE DATA

problemtype: CWE-94

Trust: 1.9

sources: VULHUB: VHN-158258 // JVNDB: JVNDB-2019-006405 // NVD: CVE-2019-6823

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-780

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201907-780

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006405

PATCH

title: SEVD-2019-162-01, url: https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/

Trust: 0.8

title: Schneider Electric ProClima Fixes for code injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95256

Trust: 0.6

title: -, url: https://github.com/Live-Hack-CVE/CVE-2019-6823

Trust: 0.1

sources: VULMON: CVE-2019-6823 // JVNDB: JVNDB-2019-006405 // CNNVD: CNNVD-201907-780

EXTERNAL IDS

db: NVD, id: CVE-2019-6823

Trust: 2.6

db: SCHNEIDER, id: SEVD-2019-162-01

Trust: 1.8

db: ICS CERT, id: ICSA-19-295-01

Trust: 1.4

db: JVNDB, id: JVNDB-2019-006405

Trust: 0.8

db: CNNVD, id: CNNVD-201907-780

Trust: 0.7

db: VULHUB, id: VHN-158258

Trust: 0.1

db: VULMON, id: CVE-2019-6823

Trust: 0.1

sources: VULHUB: VHN-158258 // VULMON: CVE-2019-6823 // JVNDB: JVNDB-2019-006405 // CNNVD: CNNVD-201907-780 // NVD: CVE-2019-6823

REFERENCES

url: https://www.schneider-electric.com/en/download/document/sevd-2019-162-01/

Trust: 1.8

url: https://www.us-cert.gov/ics/advisories/icsa-19-295-01

Trust: 1.4

url: https://nvd.nist.gov/vuln/detail/cve-2019-6823

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6823

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/94.html

Trust: 0.1

url: https://github.com/live-hack-cve/cve-2019-6823

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-158258 // VULMON: CVE-2019-6823 // JVNDB: JVNDB-2019-006405 // CNNVD: CNNVD-201907-780 // NVD: CVE-2019-6823

SOURCES

db: VULHUB, id: VHN-158258
db: VULMON, id: CVE-2019-6823
db: JVNDB, id: JVNDB-2019-006405
db: CNNVD, id: CNNVD-201907-780
db: NVD, id: CVE-2019-6823

LAST UPDATE DATE

2024-11-23T22:06:09.233000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-158258, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2019-6823, date: 2022-10-14T00:00:00
db: JVNDB, id: JVNDB-2019-006405, date: 2019-10-23T00:00:00
db: CNNVD, id: CNNVD-201907-780, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2019-6823, date: 2024-11-21T04:47:13.460

SOURCES RELEASE DATE

db: VULHUB, id: VHN-158258, date: 2019-07-15T00:00:00
db: VULMON, id: CVE-2019-6823, date: 2019-07-15T00:00:00
db: JVNDB, id: JVNDB-2019-006405, date: 2019-07-18T00:00:00
db: CNNVD, id: CNNVD-201907-780, date: 2019-07-15T00:00:00
db: NVD, id: CVE-2019-6823, date: 2019-07-15T21:15:10.663