CNVD-2019-15887
Vulnerability from cnvd - Published: 2019-05-30
VLAI Severity ?
Title
多款Schneider Electric产品访问控制错误漏洞
Description
Schneider Electric Modicon M100等都是法国施耐德电气(Schneider Electric)公司的产品。Schneider Electric Modicon M100是一款可编程逻辑控制器。Schneider Electric Modicon LMC078是一款用于运动控制器。Schneider Electric ATV IMC drive controller是一款驱动控制器。
多款Schneider Electric产品中存在访问控制错误漏洞。该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问,可能导致修改设备IP配置(IP地址,网络掩码和网关IP地址)。
Severity
中
Formal description
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://www.schneider-electric.com/
Reference
https://web.nvd.nist.gov//vuln/detail/CVE-2019-6820
Impacted products
| Name | ['Schneider Electric Modicon M258', 'Schneider Electric Modicon LMC058', 'Schneider Electric Modicon LMC078', 'Schneider Electric PacDrive Eco', 'Schneider Electric PacDrive Pro', 'Schneider Electric PacDrive Pro2', 'Schneider Electric Modicon M200', 'Schneider Electric Modicon M221', 'Schneider Electric ATV IMC drive controller', 'Schneider Electric Modicon M241', 'Schneider Electric Modicon M251'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-6820",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6820"
}
},
"description": "Schneider Electric Modicon M100\u7b49\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Schneider Electric Modicon M100\u662f\u4e00\u6b3e\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u3002Schneider Electric Modicon LMC078\u662f\u4e00\u6b3e\u7528\u4e8e\u8fd0\u52a8\u63a7\u5236\u5668\u3002Schneider Electric ATV IMC drive controller\u662f\u4e00\u6b3e\u9a71\u52a8\u63a7\u5236\u5668\u3002\n\n\u591a\u6b3eSchneider Electric\u4ea7\u54c1\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u9650\u5236\u6765\u81ea\u672a\u6388\u6743\u89d2\u8272\u7684\u8d44\u6e90\u8bbf\u95ee\uff0c\u53ef\u80fd\u5bfc\u81f4\u4fee\u6539\u8bbe\u5907IP\u914d\u7f6e\uff08IP\u5730\u5740\uff0c\u7f51\u7edc\u63a9\u7801\u548c\u7f51\u5173IP\u5730\u5740\uff09\u3002",
"discovererName": "Schneider Electric",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.schneider-electric.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-15887",
"openTime": "2019-05-30",
"products": {
"product": [
"Schneider Electric Modicon M258",
"Schneider Electric Modicon LMC058",
"Schneider Electric Modicon LMC078",
"Schneider Electric PacDrive Eco",
"Schneider Electric PacDrive Pro",
"Schneider Electric PacDrive Pro2",
"Schneider Electric Modicon M200",
"Schneider Electric Modicon M221",
"Schneider Electric ATV IMC drive controller",
"Schneider Electric Modicon M241",
"Schneider Electric Modicon M251"
]
},
"referenceLink": "https://web.nvd.nist.gov//vuln/detail/CVE-2019-6820",
"serverity": "\u4e2d",
"submitTime": "2019-05-22",
"title": "\u591a\u6b3eSchneider Electric\u4ea7\u54c1\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…