Details of VAR-201907-0071

ID

VAR-201907-0071

CVE

CVE-2019-6827

TITLE

Interactive Graphical SCADA System Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2019-006479

DESCRIPTION

A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated. Interactive Graphical SCADA System (IGSS) Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within use of the UnitIdx data in the BaseUnits table. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Schneider Electric Interactive Graphical SCADA System (IGSS) is a set of SCADA (Data Acquisition and Supervisory Control System) system used to monitor and control industrial processes from Schneider Electric in France. A buffer error vulnerability exists in Schneider Electric IGSS 14 and earlier versions. Attackers can use this vulnerability to cause software crashes with the help of specially crafted project files

Trust: 3.24

sources: NVD: CVE-2019-6827 // JVNDB: JVNDB-2019-006479 // ZDI: ZDI-19-671 // CNVD: CNVD-2020-60834 // BID: 109150 // VULHUB: VHN-158262 // VULMON: CVE-2019-6827

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-60834

AFFECTED PRODUCTS

vendor:	schneider electric	model:	interactive graphical scada system	scope:	gte	version:	14.0	Trust: 1.0
vendor:	schneider electric	model:	interactive graphical scada system	scope:	lt	version:	13.0.0.19140	Trust: 1.0
vendor:	schneider electric	model:	interactive graphical scada system	scope:	lte	version:	12.0	Trust: 1.0
vendor:	schneider electric	model:	interactive graphical scada system	scope:	lt	version:	14.0.0.19120	Trust: 1.0
vendor:	schneider electric	model:	interactive graphical scada system	scope:	gte	version:	13.0	Trust: 1.0
vendor:	schneider electric	model:	interactive graphical scada system	scope:	lte	version:	14	Trust: 0.8
vendor:	schneider electric	model:	igss	scope:	-	version:	-	Trust: 0.7
vendor:	schneider	model:	electric interactive graphical scada system	scope:	lte	version:	<=14	Trust: 0.6
vendor:	schneider electric	model:	interactive graphical scada system	scope:	eq	version:	14	Trust: 0.3
vendor:	schneider electric	model:	interactive graphical scada system	scope:	eq	version:	13	Trust: 0.3
vendor:	schneider electric	model:	interactive graphical scada system	scope:	ne	version:	14.0.0.19120	Trust: 0.3
vendor:	schneider electric	model:	interactive graphical scada system	scope:	ne	version:	13.0.0.19140	Trust: 0.3

sources: ZDI: ZDI-19-671 // CNVD: CNVD-2020-60834 // BID: 109150 // JVNDB: JVNDB-2019-006479 // NVD: CVE-2019-6827

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6827
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-6827
value:	HIGH
Trust: 0.8
ZDI:	CVE-2019-6827
value:	CRITICAL
Trust: 0.7
CNVD:	CNVD-2020-60834
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201907-688
value:	HIGH
Trust: 0.6
VULHUB:	VHN-158262
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-6827
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6827
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-60834
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-158262
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6827
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6827
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2019-6827
baseSeverity:	CRITICAL
baseScore:	7.0
vectorString:	AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-19-671 // CNVD: CNVD-2020-60834 // VULHUB: VHN-158262 // VULMON: CVE-2019-6827 // JVNDB: JVNDB-2019-006479 // CNNVD: CNNVD-201907-688 // NVD: CVE-2019-6827

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.9

sources: VULHUB: VHN-158262 // JVNDB: JVNDB-2019-006479 // NVD: CVE-2019-6827

THREAT TYPE

local

Trust: 0.9

sources: BID: 109150 // CNNVD: CNNVD-201907-688

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-688

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006479

PATCH

title:	SEVD-2019-190-02	url:	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-02	Trust: 0.8
title:	Schneider Electric has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-19-192-06	Trust: 0.7
title:	Schneider Electric Interactive Graphical SCADA System Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95222	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2019-6827	Trust: 0.1

sources: ZDI: ZDI-19-671 // VULMON: CVE-2019-6827 // JVNDB: JVNDB-2019-006479 // CNNVD: CNNVD-201907-688

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6827	Trust: 4.2
db:	ZDI	id:	ZDI-19-671	Trust: 2.5
db:	SCHNEIDER	id:	SEVD-2019-190-02	Trust: 2.1
db:	ICS CERT	id:	ICSA-19-192-06	Trust: 1.7
db:	BID	id:	109150	Trust: 1.1
db:	JVNDB	id:	JVNDB-2019-006479	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-8284	Trust: 0.7
db:	CNNVD	id:	CNNVD-201907-688	Trust: 0.7
db:	CNVD	id:	CNVD-2020-60834	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2580	Trust: 0.6
db:	VULHUB	id:	VHN-158262	Trust: 0.1
db:	VULMON	id:	CVE-2019-6827	Trust: 0.1

sources: ZDI: ZDI-19-671 // CNVD: CNVD-2020-60834 // VULHUB: VHN-158262 // VULMON: CVE-2019-6827 // BID: 109150 // JVNDB: JVNDB-2019-006479 // CNNVD: CNNVD-201907-688 // NVD: CVE-2019-6827

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-192-06	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6827	Trust: 2.0
url:	https://www.schneider-electric.com/ww/en/download/document/sevd-2019-190-02	Trust: 1.8
url:	https://www.zerodayinitiative.com/advisories/zdi-19-671/	Trust: 1.8
url:	http://www.schneider-electric.com/products/ww/en/	Trust: 0.9
url:	https://download.schneider-electric.com/files?p_endoctype=technical+leaflet&p_file_name=sevd-2019-190-02-igss.pdf&p_doc_ref=sevd-2019-190-02	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6827	Trust: 0.8
url:	https://www.securityfocus.com/bid/109150	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2019.2580/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2019-6827	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

CREDITS

mdm and rgod of 9SG Security Team.

Trust: 0.9

sources: BID: 109150 // CNNVD: CNNVD-201907-688

SOURCES

db:	ZDI	id:	ZDI-19-671
db:	CNVD	id:	CNVD-2020-60834
db:	VULHUB	id:	VHN-158262
db:	VULMON	id:	CVE-2019-6827
db:	BID	id:	109150
db:	JVNDB	id:	JVNDB-2019-006479
db:	CNNVD	id:	CNNVD-201907-688
db:	NVD	id:	CVE-2019-6827

LAST UPDATE DATE

2024-11-23T21:37:08.156000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-671	date:	2019-07-22T00:00:00
db:	CNVD	id:	CNVD-2020-60834	date:	2020-11-06T00:00:00
db:	VULHUB	id:	VHN-158262	date:	2019-07-22T00:00:00
db:	VULMON	id:	CVE-2019-6827	date:	2022-10-14T00:00:00
db:	BID	id:	109150	date:	2019-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-006479	date:	2019-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201907-688	date:	2019-07-23T00:00:00
db:	NVD	id:	CVE-2019-6827	date:	2024-11-21T04:47:13.910

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-19-671	date:	2019-07-22T00:00:00
db:	CNVD	id:	CNVD-2020-60834	date:	2019-08-29T00:00:00
db:	VULHUB	id:	VHN-158262	date:	2019-07-15T00:00:00
db:	VULMON	id:	CVE-2019-6827	date:	2019-07-15T00:00:00
db:	BID	id:	109150	date:	2019-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-006479	date:	2019-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201907-688	date:	2019-07-11T00:00:00
db:	NVD	id:	CVE-2019-6827	date:	2019-07-15T21:15:10.883