ID

VAR-201909-0048


CVE

CVE-2019-6832


TITLE

spaceLYnk and Wiser for KNX Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-009524

DESCRIPTION

A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. spaceLYnk and Wiser for KNX contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Both spaceLYnk and Wiser for KNX are products of Schneider Electric in France. spaceLYnk is a programmable logic controller. The vulnerability stems from missing authentication measures or insufficient authentication strength in network systems or products. No detailed vulnerability information is currently available.

Trust: 2.25

sources: NVD: CVE-2019-6832 // JVNDB: JVNDB-2019-009524 // CNVD: CNVD-2020-28494 // VULMON: CVE-2019-6832

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28494

AFFECTED PRODUCTS

vendor: schneider electric, model: spacelynk, scope: lt, version: 2.4.0

Trust: 1.8

vendor: schneider electric, model: wiser for knx, scope: lt, version: 2.4.0

Trust: 1.8

vendor: schneider, model: electric schneider electric spacelynk, scope: lt, version: 2.4.0

Trust: 0.6

vendor: schneider, model: electric wiser for knx, scope: lt, version: 2.4.0

Trust: 0.6

vendor: schneider electric, model: lss100200, scope: eq, version: -

Trust: 0.6

vendor: schneider electric, model: lss100100, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-28494 // JVNDB: JVNDB-2019-009524 // CNNVD: CNNVD-201909-824 // NVD: CVE-2019-6832

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6832
value: HIGH

Trust: 1.0

NVD: CVE-2019-6832
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-28494
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201909-824
value: HIGH

Trust: 0.6

VULMON: CVE-2019-6832
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6832
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-28494
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-6832
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2019-6832
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-28494 // VULMON: CVE-2019-6832 // JVNDB: JVNDB-2019-009524 // CNNVD: CNNVD-201909-824 // NVD: CVE-2019-6832

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2019-009524 // NVD: CVE-2019-6832

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-824

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201909-824

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009524

PATCH

title: SEVD-2019-225-07, url: https://www.schneider-electric.com/en/download/document/SEVD-2019-225-07/

Trust: 0.8

title: Patch for Schneider Electric Wiser for KNX and spaceLYnk authorization issue vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/217743

Trust: 0.6

title: Schneider Electric Wiser for KNX and spaceLYnk Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98354

Trust: 0.6

sources: CNVD: CNVD-2020-28494 // JVNDB: JVNDB-2019-009524 // CNNVD: CNNVD-201909-824

EXTERNAL IDS

db: NVD, id: CVE-2019-6832

Trust: 3.1

db: SCHNEIDER, id: SEVD-2019-225-07

Trust: 2.3

db: JVNDB, id: JVNDB-2019-009524

Trust: 0.8

db: CNVD, id: CNVD-2020-28494

Trust: 0.6

db: CNNVD, id: CNNVD-201909-824

Trust: 0.6

db: VULMON, id: CVE-2019-6832

Trust: 0.1

sources: CNVD: CNVD-2020-28494 // VULMON: CVE-2019-6832 // JVNDB: JVNDB-2019-009524 // CNNVD: CNNVD-201909-824 // NVD: CVE-2019-6832

REFERENCES

url:https://www.schneider-electric.com/en/download/document/sevd-2019-225-07/

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-6832

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6832

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2019-6832

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-28494 // VULMON: CVE-2019-6832 // JVNDB: JVNDB-2019-009524 // CNNVD: CNNVD-201909-824 // NVD: CVE-2019-6832

SOURCES

db: CNVD, id: CNVD-2020-28494
db: VULMON, id: CVE-2019-6832
db: JVNDB, id: JVNDB-2019-009524
db: CNNVD, id: CNNVD-201909-824
db: NVD, id: CVE-2019-6832

LAST UPDATE DATE

2024-11-23T22:33:46.671000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-28494, date: 2020-05-17T00:00:00
db: VULMON, id: CVE-2019-6832, date: 2022-09-03T00:00:00
db: JVNDB, id: JVNDB-2019-009524, date: 2019-09-24T00:00:00
db: CNNVD, id: CNNVD-201909-824, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-6832, date: 2024-11-21T04:47:14.493

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-28494, date: 2020-05-17T00:00:00
db: VULMON, id: CVE-2019-6832, date: 2019-09-17T00:00:00
db: JVNDB, id: JVNDB-2019-009524, date: 2019-09-24T00:00:00
db: CNNVD, id: CNNVD-201909-824, date: 2019-09-17T00:00:00
db: NVD, id: CVE-2019-6832, date: 2019-09-17T20:15:12.407