CVE-2019-6820

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2019-6820
A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2

8.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

6.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-02/ Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:schneider-electric:atv_imc_drive_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:atv_imc_drive_controller:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m251:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m258_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m258:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_lmc058_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_lmc058:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_lmc078_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_lmc078:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:schneider-electric:pacdrive_eco_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pacdrive_eco:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:schneider-electric:pacdrive_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pacdrive_pro:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:schneider-electric:pacdrive_pro2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:pacdrive_pro2:-:*:*:*:*:*:*:*
Information

Published : 2019-05-22 13:29

Updated : 2022-02-03 06:29

NVD link : CVE-2019-6820

Mitre link : CVE-2019-6820

JSON object : View

CWE
CWE-306

Missing Authentication for Critical Function

Advertisement

dedicated server usa
Products Affected

schneider-electric

  • modicon_lmc078
  • modicon_lmc058_firmware
  • modicon_m251
  • modicon_m251_firmware
  • modicon_m258
  • pacdrive_eco
  • atv_imc_drive_controller_firmware
  • modicon_m200
  • modicon_m241_firmware
  • pacdrive_eco_firmware
  • modicon_m221
  • modicon_lmc078_firmware
  • modicon_m258_firmware
  • modicon_lmc058
  • modicon_m200_firmware
  • atv_imc_drive_controller
  • pacdrive_pro
  • modicon_m100
  • pacdrive_pro2_firmware
  • pacdrive_pro2
  • pacdrive_pro_firmware
  • modicon_m241
  • modicon_m100_firmware
  • modicon_m221_firmware