Details of VAR-201912-1870

ID

VAR-201912-1870

TITLE

Schneider Electric TM218LDAE24DRHN Denial of service vulnerability

Trust: 0.8

sources: IVD: 9544ae5f-1f10-4382-bfa8-35fea20b25a7 // CNVD: CNVD-2019-43654

DESCRIPTION

Schneider Electric TM218LDAE24DRHN is a programmable controller product of Schneider Electric (France). Schneider Electric TM218LDAE24DRHN has a denial of service vulnerability. An attacker can use the vulnerability to send specific protocol packets, causing a denial of service attack

Trust: 0.72

sources: CNVD: CNVD-2019-43654 // IVD: 9544ae5f-1f10-4382-bfa8-35fea20b25a7

IOT TAXONOMY

category:	['IoT', 'ICS']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 9544ae5f-1f10-4382-bfa8-35fea20b25a7 // CNVD: CNVD-2019-43654

AFFECTED PRODUCTS

vendor:	schneider	model:	electric co. ltd.schneider electric tm218ldae24drhn	scope:	eq	version:	v4.3	Trust: 0.6
vendor:	schneider electric	model:	tm218ldae24drhn	scope:	eq	version:	v4.3	Trust: 0.2

sources: IVD: 9544ae5f-1f10-4382-bfa8-35fea20b25a7 // CNVD: CNVD-2019-43654

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-43654
value:	MEDIUM
Trust: 0.6
IVD:	9544ae5f-1f10-4382-bfa8-35fea20b25a7
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2019-43654
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	9544ae5f-1f10-4382-bfa8-35fea20b25a7
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 9544ae5f-1f10-4382-bfa8-35fea20b25a7 // CNVD: CNVD-2019-43654

TYPE

Denial of service

Trust: 0.2

sources: IVD: 9544ae5f-1f10-4382-bfa8-35fea20b25a7

PATCH

title:

Schneider Electric TM218LDAE24DRHN Denial of Service Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/188341

Trust: 0.6

sources: CNVD: CNVD-2019-43654

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-43654	Trust: 0.8
db:	IVD	id:	9544AE5F-1F10-4382-BFA8-35FEA20B25A7	Trust: 0.2

sources: IVD: 9544ae5f-1f10-4382-bfa8-35fea20b25a7 // CNVD: CNVD-2019-43654

SOURCES

db:	IVD	id:	9544ae5f-1f10-4382-bfa8-35fea20b25a7
db:	CNVD	id:	CNVD-2019-43654

LAST UPDATE DATE

2022-05-17T01:57:38.040000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-43654

date:

2019-12-10T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	9544ae5f-1f10-4382-bfa8-35fea20b25a7	date:	2019-12-03T00:00:00
db:	CNVD	id:	CNVD-2019-43654	date:	2019-12-15T00:00:00