Details of VAR-201907-0069

ID

VAR-201907-0069

CVE

CVE-2019-6824

TITLE

ProClima Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006406

DESCRIPTION

A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0. ProClima Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric ProClima is a set of heat calculation software from Schneider Electric, France. This software provides thermal management functions for the environment and electrical/electronic equipment installed in the control panel by analyzing specified thermal data. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.8

sources: NVD: CVE-2019-6824 // JVNDB: JVNDB-2019-006406 // VULHUB: VHN-158259 // VULMON: CVE-2019-6824

AFFECTED PRODUCTS

vendor:

schneider electric

model:

proclima

scope:

version:

8.0.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-006406 // NVD: CVE-2019-6824

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6824
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-6824
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201907-781
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-158259
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-6824
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-6824
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-158259
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6824
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6824
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-158259 // VULMON: CVE-2019-6824 // JVNDB: JVNDB-2019-006406 // CNNVD: CNNVD-201907-781 // NVD: CVE-2019-6824

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-158259 // JVNDB: JVNDB-2019-006406 // NVD: CVE-2019-6824

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-781

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-781

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006406

PATCH

title:	SEVD-2019-162-01	url:	https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/	Trust: 0.8
title:	Schneider Electric ProClima Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95257	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2019-6824	Trust: 0.1

sources: VULMON: CVE-2019-6824 // JVNDB: JVNDB-2019-006406 // CNNVD: CNNVD-201907-781

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6824	Trust: 2.6
db:	SCHNEIDER	id:	SEVD-2019-162-01	Trust: 1.8
db:	ICS CERT	id:	ICSA-19-295-01	Trust: 1.4
db:	JVNDB	id:	JVNDB-2019-006406	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-781	Trust: 0.7
db:	VULHUB	id:	VHN-158259	Trust: 0.1
db:	VULMON	id:	CVE-2019-6824	Trust: 0.1

sources: VULHUB: VHN-158259 // VULMON: CVE-2019-6824 // JVNDB: JVNDB-2019-006406 // CNNVD: CNNVD-201907-781 // NVD: CVE-2019-6824

REFERENCES

url:	https://www.schneider-electric.com/en/download/document/sevd-2019-162-01/	Trust: 1.8
url:	https://www.us-cert.gov/ics/advisories/icsa-19-295-01	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6824	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6824	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2019-6824	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-158259 // VULMON: CVE-2019-6824 // JVNDB: JVNDB-2019-006406 // CNNVD: CNNVD-201907-781 // NVD: CVE-2019-6824

SOURCES

db:	VULHUB	id:	VHN-158259
db:	VULMON	id:	CVE-2019-6824
db:	JVNDB	id:	JVNDB-2019-006406
db:	CNNVD	id:	CNNVD-201907-781
db:	NVD	id:	CVE-2019-6824

LAST UPDATE DATE

2024-11-23T22:06:09.292000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158259	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2019-6824	date:	2022-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-006406	date:	2019-10-23T00:00:00
db:	CNNVD	id:	CNNVD-201907-781	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2019-6824	date:	2024-11-21T04:47:13.570

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158259	date:	2019-07-15T00:00:00
db:	VULMON	id:	CVE-2019-6824	date:	2019-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-006406	date:	2019-07-18T00:00:00
db:	CNNVD	id:	CNNVD-201907-781	date:	2019-07-15T00:00:00
db:	NVD	id:	CVE-2019-6824	date:	2019-07-15T21:15:10.727