ID

VAR-201907-0070


CVE

CVE-2019-6825


TITLE

Uncontrolled search path element vulnerability in ProClima

Trust: 0.8

sources: JVNDB: JVNDB-2019-006577

DESCRIPTION

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name as any resident DLL inside the software installation, to execute arbitrary code. ProClima contains a vulnerability related to uncontrolled search path elements. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric ProClima is thermal calculation software from Schneider Electric, France. The software provides thermal management functions for the environment and the electrical/electronic equipment installed in a control panel by analyzing specified thermal data. A code issue vulnerability exists in Schneider Electric ProClima versions prior to 8.0.0. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products.

Trust: 1.8

sources: NVD: CVE-2019-6825 // JVNDB: JVNDB-2019-006577 // VULHUB: VHN-158260 // VULMON: CVE-2019-6825

AFFECTED PRODUCTS

vendor: schneider electric, model: proclima, scope: lt, version: 8.0.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-006577 // NVD: CVE-2019-6825

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6825
value: HIGH

Trust: 1.0

NVD: CVE-2019-6825
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-782
value: HIGH

Trust: 0.6

VULHUB: VHN-158260
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-6825
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6825
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-158260
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6825
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-6825
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158260 // VULMON: CVE-2019-6825 // JVNDB: JVNDB-2019-006577 // CNNVD: CNNVD-201907-782 // NVD: CVE-2019-6825

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.9

sources: VULHUB: VHN-158260 // JVNDB: JVNDB-2019-006577 // NVD: CVE-2019-6825

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-782

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-782

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006577

PATCH

title: SEVD-2019-162-01, url: https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/

Trust: 0.8

title: Schneider Electric ProClima Fixes for code issue vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95258

Trust: 0.6

title: -, url: https://github.com/Live-Hack-CVE/CVE-2019-6825

Trust: 0.1

sources: VULMON: CVE-2019-6825 // JVNDB: JVNDB-2019-006577 // CNNVD: CNNVD-201907-782

EXTERNAL IDS

db: NVD, id: CVE-2019-6825

Trust: 2.6

db: SCHNEIDER, id: SEVD-2019-162-01

Trust: 1.8

db: ICS CERT, id: ICSA-19-295-01

Trust: 1.4

db: JVNDB, id: JVNDB-2019-006577

Trust: 0.8

db: CNNVD, id: CNNVD-201907-782

Trust: 0.7

db: CNVD, id: CNVD-2021-102432

Trust: 0.1

db: VULHUB, id: VHN-158260

Trust: 0.1

db: VULMON, id: CVE-2019-6825

Trust: 0.1

sources: VULHUB: VHN-158260 // VULMON: CVE-2019-6825 // JVNDB: JVNDB-2019-006577 // CNNVD: CNNVD-201907-782 // NVD: CVE-2019-6825

REFERENCES

url:https://www.schneider-electric.com/en/download/document/sevd-2019-162-01/

Trust: 1.8

url:https://www.us-cert.gov/ics/advisories/icsa-19-295-01

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-6825

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6825

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/427.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2019-6825

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-158260 // VULMON: CVE-2019-6825 // JVNDB: JVNDB-2019-006577 // CNNVD: CNNVD-201907-782 // NVD: CVE-2019-6825

SOURCES

db: VULHUB, id: VHN-158260
db: VULMON, id: CVE-2019-6825
db: JVNDB, id: JVNDB-2019-006577
db: CNNVD, id: CNNVD-201907-782
db: NVD, id: CVE-2019-6825

LAST UPDATE DATE

2024-11-23T22:06:09.263000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-158260, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2019-6825, date: 2022-09-03T00:00:00
db: JVNDB, id: JVNDB-2019-006577, date: 2019-10-23T00:00:00
db: CNNVD, id: CNNVD-201907-782, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2019-6825, date: 2024-11-21T04:47:13.673

SOURCES RELEASE DATE

db: VULHUB, id: VHN-158260, date: 2019-07-15T00:00:00
db: VULMON, id: CVE-2019-6825, date: 2019-07-15T00:00:00
db: JVNDB, id: JVNDB-2019-006577, date: 2019-07-23T00:00:00
db: CNNVD, id: CNNVD-201907-782, date: 2019-07-15T00:00:00
db: NVD, id: CVE-2019-6825, date: 2019-07-15T21:15:10.790