Details of VAR-201909-0049

ID

VAR-201909-0049

CVE

CVE-2019-6833

TITLE

Magelis HMI Panel Vulnerabilities related to exceptional state checking

Trust: 0.8

sources: JVNDB: JVNDB-2019-009447

DESCRIPTION

A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel. Magelis HMI Panel Contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Magelis HMIGTO, etc. are a human-machine interface control panel of Schneider Electric in France. A code issue vulnerability exists in several Schneider Electric products. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. The following products and versions are affected: Schneider Electric HMIGTO; HMISTO; XBTGH; HMIGTU; HMIGTUX; HMISCU; HMISTU; XBTGT; XBTGT; HMIGXO; HMIGXU

Trust: 1.71

sources: NVD: CVE-2019-6833 // JVNDB: JVNDB-2019-009447 // VULHUB: VHN-158268

AFFECTED PRODUCTS

vendor:	schneider electric	model:	hmigto	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	hmigxu	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	hmisto	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	hmiscu	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	hmistu	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	hmigtu	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	xbtgt	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	hmigxo	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	xbtgh	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	hmigto	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	hmigtu	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	hmigxo	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	hmigxu	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	hmiscu	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	hmisto	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	hmistu	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	xbtgh	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	xbtgt	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	hmigto5315	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider electric	model:	hmigto4310	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider electric	model:	hmigto2310	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider electric	model:	hmigto2300	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider electric	model:	hmigto5310	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider electric	model:	hmigto1300	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider electric	model:	hmigto1310	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider electric	model:	hmigto2315	scope:	eq	version:	-	Trust: 0.6
vendor:	schneider electric	model:	hmigto3510	scope:	eq	version:	-	Trust: 0.6

sources: JVNDB: JVNDB-2019-009447 // CNNVD: CNNVD-201909-826 // NVD: CVE-2019-6833

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6833
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-6833
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201909-826
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-158268
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6833
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-158268
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6833
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6833
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-158268 // JVNDB: JVNDB-2019-009447 // CNNVD: CNNVD-201909-826 // NVD: CVE-2019-6833

PROBLEMTYPE DATA

problemtype:

CWE-754

Trust: 1.9

sources: VULHUB: VHN-158268 // JVNDB: JVNDB-2019-009447 // NVD: CVE-2019-6833

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-826

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201909-826

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009447

PATCH

title:

SEVD-2019-225-01

url:

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01

Trust: 0.8

sources: JVNDB: JVNDB-2019-009447

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6833	Trust: 2.5
db:	SCHNEIDER	id:	SEVD-2019-225-01	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-009447	Trust: 0.8
db:	CNNVD	id:	CNNVD-201909-826	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.0525	Trust: 0.6
db:	VULHUB	id:	VHN-158268	Trust: 0.1

sources: VULHUB: VHN-158268 // JVNDB: JVNDB-2019-009447 // CNNVD: CNNVD-201909-826 // NVD: CVE-2019-6833

REFERENCES

url:	https://www.schneider-electric.com/ww/en/download/document/sevd-2019-225-01	Trust: 1.7
url:	https://security.cse.iitk.ac.in/responsible-disclosure	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6833	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6833	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.0525/	Trust: 0.6

sources: VULHUB: VHN-158268 // JVNDB: JVNDB-2019-009447 // CNNVD: CNNVD-201909-826 // NVD: CVE-2019-6833

SOURCES

db:	VULHUB	id:	VHN-158268
db:	JVNDB	id:	JVNDB-2019-009447
db:	CNNVD	id:	CNNVD-201909-826
db:	NVD	id:	CVE-2019-6833

LAST UPDATE DATE

2024-11-23T21:59:42.552000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158268	date:	2020-02-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-009447	date:	2019-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201909-826	date:	2020-02-19T00:00:00
db:	NVD	id:	CVE-2019-6833	date:	2024-11-21T04:47:14.600

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158268	date:	2019-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-009447	date:	2019-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201909-826	date:	2019-09-17T00:00:00
db:	NVD	id:	CVE-2019-6833	date:	2019-09-17T20:15:12.467