cvelistv5 - cve-2019-6854

CVE-2019-6854 (GCVE-0-2019-6854)

Vulnerability from cvelistv5 – Published: 2020-01-06 22:56 – Updated: 2024-08-04 20:31

Summary

Severity ?

No CVSS data available.

CWE

CWE-287 - Improper Authentication

Assigner

schneider

References

URL

Tags

https://www.se.com/ww/en/download/document/SEVD-2…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)	Affected: EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:31:04.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-19T12:10:47",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2019-6854",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287: Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2019-6854",
    "datePublished": "2020-01-06T22:56:53",
    "dateReserved": "2019-01-25T00:00:00",
    "dateUpdated": "2024-08-04T20:31:04.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:clearscada:2017:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCC1A189-4500-4EEC-896E-7833225EAF65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:clearscada:2017:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F342A21-0F75-44C1-97D4-38F3E54B0F0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:clearscada:2017:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA1BF60B-98A0-43CE-8C3B-122FB713ABBD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.\"}, {\"lang\": \"es\", \"value\": \"CWE-287: Se presenta una vulnerabilidad de autenticaci\\u00f3n inapropiada en una carpeta dentro de EcoStruxure Geo SCADA Expert (ClearSCADA), con versiones iniciales anteriores al 1 de enero de 2019, lo que podr\\u00eda causar que un usuario con poco privilegio elimine o modifique archivos de bases de datos, configuraciones o certificados . Esos usuarios necesitan tener acceso al sistema de archivos de ese sistema operativo para explotar esta vulnerabilidad. Las versiones afectadas en el soporte actual incluyen ClearSCADA versi\\u00f3n 2017 R3, ClearSCADA versi\\u00f3n 2017 R2 y ClearSCADA versi\\u00f3n 2017\"}]",
      "id": "CVE-2019-6854",
      "lastModified": "2024-11-21T04:47:17.170",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-01-06T23:15:11.033",
      "references": "[{\"url\": \"https://www.se.com/ww/en/download/document/SEVD-2019-344-05/\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.se.com/ww/en/download/document/SEVD-2019-344-05/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@se.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cybersecurity@se.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-6854\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2020-01-06T23:15:11.033\",\"lastModified\":\"2024-11-21T04:47:17.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.\"},{\"lang\":\"es\",\"value\":\"CWE-287: Se presenta una vulnerabilidad de autenticaci\u00f3n inapropiada en una carpeta dentro de EcoStruxure Geo SCADA Expert (ClearSCADA), con versiones iniciales anteriores al 1 de enero de 2019, lo que podr\u00eda causar que un usuario con poco privilegio elimine o modifique archivos de bases de datos, configuraciones o certificados . Esos usuarios necesitan tener acceso al sistema de archivos de ese sistema operativo para explotar esta vulnerabilidad. Las versiones afectadas en el soporte actual incluyen ClearSCADA versi\u00f3n 2017 R3, ClearSCADA versi\u00f3n 2017 R2 y ClearSCADA versi\u00f3n 2017\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:clearscada:2017:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCC1A189-4500-4EEC-896E-7833225EAF65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:clearscada:2017:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F342A21-0F75-44C1-97D4-38F3E54B0F0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:clearscada:2017:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA1BF60B-98A0-43CE-8C3B-122FB713ABBD\"}]}]}],\"references\":[{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2019-344-05/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2019-344-05/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2020-03775

Vulnerability from cnvd - Published: 2020-02-05

Title

Schneider Electric EcoStruxure Geo SCADA Expert权限许可和访问控制问题漏洞

Description

Schneider Electric EcoStruxure Geo SCADA Expert（EcoStruxure Geo SCADA Expert）是法国施耐德电气（Schneider Electric）公司的一套数据采集和监控软件（SCADA）. Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA)中的文件夹存在权限许可和访问控制问题漏洞。该漏洞源于网络系统或产品缺乏有效的权限许可和访问控制措施。目前没有详细漏洞细节提供。

Severity

中

Patch Name

Schneider Electric EcoStruxure Geo SCADA Expert权限许可和访问控制问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.se.com/ww/en/download/document/SEVD-2019-344-05

Reference

ttps://nvd.nist.gov/vuln/detail/CVE-2019-6854

Impacted products

Name
['Schneider Electric ClearSCADA 2017 R3', 'Schneider Electric ClearSCADA 2017 R2', 'Schneider Electric ClearSCADA 2017']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6854"
    }
  },
  "description": "Schneider Electric EcoStruxure Geo SCADA Expert\uff08EcoStruxure Geo SCADA Expert\uff09\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u91c7\u96c6\u548c\u76d1\u63a7\u8f6f\u4ef6\uff08SCADA\uff09.\n\nSchneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA)\u4e2d\u7684\u6587\u4ef6\u5939\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7f3a\u4e4f\u6709\u6548\u7684\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u63aa\u65bd\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.se.com/ww/en/download/document/SEVD-2019-344-05",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-03775",
  "openTime": "2020-02-05",
  "patchDescription": "Schneider Electric EcoStruxure Geo SCADA Expert\uff08EcoStruxure Geo SCADA Expert\uff09\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u91c7\u96c6\u548c\u76d1\u63a7\u8f6f\u4ef6\uff08SCADA\uff09.\r\n\r\nSchneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA)\u4e2d\u7684\u6587\u4ef6\u5939\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7f3a\u4e4f\u6709\u6548\u7684\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u63aa\u65bd\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric EcoStruxure Geo SCADA Expert\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Schneider Electric ClearSCADA 2017 R3",
      "Schneider Electric ClearSCADA 2017 R2",
      "Schneider Electric ClearSCADA 2017"
    ]
  },
  "referenceLink": "ttps://nvd.nist.gov/vuln/detail/CVE-2019-6854",
  "serverity": "\u4e2d",
  "submitTime": "2020-01-07",
  "title": "Schneider Electric EcoStruxure Geo SCADA Expert\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e"
}

VAR-202001-1852

Vulnerability from variot - Updated: 2023-12-18 14:04

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017. ClearSCADA Contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Schneider Electric EcoStruxure Geo SCADA Expert (EcoStruxure Geo SCADA Expert) is a set of data acquisition and monitoring software (SCADA) from Schneider Electric (France).

The folders in Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA) are vulnerable to permission permissions and access control issues. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. No detailed vulnerability details are provided at this time. Attackers can exploit this vulnerability to delete or modify database, configuration and certificate files

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1852",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "2017"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2017 r2"
      },
      {
        "model": "clearscada",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2017 r3"
      },
      {
        "model": "electric clearscada r3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2017"
      },
      {
        "model": "electric clearscada r2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2017"
      },
      {
        "model": "electric clearscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "2017"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2017:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2017:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2017:r3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "William Knowles(Lancaster University)",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6854",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-6854",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2020-03775",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-158289",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6854",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-6854",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-03775",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-138",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-828",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158289",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017. ClearSCADA Contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Schneider Electric EcoStruxure Geo SCADA Expert (EcoStruxure Geo SCADA Expert) is a set of data acquisition and monitoring software (SCADA) from Schneider Electric (France). \n\r\n\r\nThe folders in Schneider Electric EcoStruxure Geo SCADA Expert (ClearSCADA) are vulnerable to permission permissions and access control issues. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. No detailed vulnerability details are provided at this time. Attackers can exploit this vulnerability to delete or modify database, configuration and certificate files",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158289"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6854",
        "trust": 3.7
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2019-344-05",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-828",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-158289",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      }
    ]
  },
  "id": "VAR-202001-1852",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158289"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:04:51.425000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2019-344-05",
        "trust": 0.8,
        "url": "https://www.se.com/ww/en/download/document/sevd-2019-344-05/"
      },
      {
        "title": "Patch for Schneider Electric EcoStruxure Geo SCADA Expert Privilege Permission and Access Control Issue Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/199157"
      },
      {
        "title": "Schneider Electric EcoStruxure Geo SCADA Expert Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=108293"
      },
      {
        "title": "Schneider Electric EcoStruxure Geo SCADA Expert Fixes for permissions and access control issues vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105539"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6854"
      },
      {
        "trust": 2.3,
        "url": "https://www.se.com/ww/en/download/document/sevd-2019-344-05/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6854"
      },
      {
        "trust": 0.6,
        "url": "https://www.se.com/ww/en/download/document/sevd-2019-344-05"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6854"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "date": "2020-01-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158289"
      },
      {
        "date": "2020-02-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "date": "2020-01-06T23:15:11.033000",
        "db": "NVD",
        "id": "CVE-2019-6854"
      },
      {
        "date": "2020-01-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "date": "2019-12-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-03775"
      },
      {
        "date": "2021-11-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158289"
      },
      {
        "date": "2020-02-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      },
      {
        "date": "2021-11-03T19:23:36.707000",
        "db": "NVD",
        "id": "CVE-2019-6854"
      },
      {
        "date": "2022-11-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "date": "2021-11-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-828"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ClearSCADA Vulnerabilities in authentication",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014121"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-138"
      }
    ],
    "trust": 0.6
  }
}

GHSA-HWWQ-6FG7-74H6

Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2022-05-24 17:05

Details

A CWE-264 Permissions, Privileges, and Access Controls vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6854"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-06T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-264 Permissions, Privileges, and Access Controls vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.",
  "id": "GHSA-hwwq-6fg7-74h6",
  "modified": "2022-05-24T17:05:44Z",
  "published": "2022-05-24T17:05:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6854"
    },
    {
      "type": "WEB",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2019-AVI-629

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	Power SCADA Expert 8.1
Schneider Electric	N/A	Modicon Premium
Schneider Electric	N/A	Power SCADA Expert 8.0
Schneider Electric	N/A	Power SCADA Operation 9.0
Schneider Electric	Modicon M340	Modicon M340
Schneider Electric	N/A	ClearSCADA 2017
Schneider Electric	N/A	ClearSCADA 2017 R2
Schneider Electric	N/A	Power SCADA Expert 7.4
Schneider Electric	N/A	Power SCADA Expert 7.3
Schneider Electric	N/A	ClearSCADA 2017 R3
Schneider Electric	N/A	EcoStruxure Control Expert version V14.0 et toutes les versions d'Unity Pro (anciennement EcoStruxure Control Expert)
Schneider Electric	N/A	Power SCADA Expert 8.2
Schneider Electric	N/A	Modicon M580
Schneider Electric	N/A	Modicon Quantum

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2019-344-01 du 11 décembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-344-02 du 11 décembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-344-04 du 11 décembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-344-05 du 11 décembre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Power SCADA Expert 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon Premium",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Power SCADA Expert 8.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Power SCADA Operation 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon M340",
      "product": {
        "name": "Modicon M340",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "ClearSCADA 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "ClearSCADA 2017 R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Power SCADA Expert 7.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Power SCADA Expert 7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "ClearSCADA 2017 R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Control Expert version V14.0 et toutes les versions d\u0027Unity Pro (anciennement EcoStruxure Control Expert)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Power SCADA Expert 8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon M580",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon Quantum",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-6857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6857"
    },
    {
      "name": "CVE-2019-6854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6854"
    },
    {
      "name": "CVE-2019-13537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13537"
    },
    {
      "name": "CVE-2019-6855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6855"
    },
    {
      "name": "CVE-2019-6856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6856"
    },
    {
      "name": "CVE-2018-7794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7794"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-629",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-344-01 du 11 d\u00e9cembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-344-01_Modicon_Controllers.pdf\u0026p_Doc_Ref=SEVD-2019-344-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-344-02 du 11 d\u00e9cembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-344-02_EcoStruxure_Control_Expert.pdf\u0026p_Doc_Ref=SEVD-2019-344-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-344-04 du 11 d\u00e9cembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-344-04_Power_SCADA_Operation.pdf\u0026p_Doc_Ref=SEVD-2019-344-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-344-05 du 11 d\u00e9cembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-344-05_EcoStruxure_Geo_SCADA_Expert.pdf\u0026p_Doc_Ref=SEVD-2019-344-05"
    }
  ]
}

CERTFR-2019-AVI-629

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	Power SCADA Expert 8.1
Schneider Electric	N/A	Modicon Premium
Schneider Electric	N/A	Power SCADA Expert 8.0
Schneider Electric	N/A	Power SCADA Operation 9.0
Schneider Electric	Modicon M340	Modicon M340
Schneider Electric	N/A	ClearSCADA 2017
Schneider Electric	N/A	ClearSCADA 2017 R2
Schneider Electric	N/A	Power SCADA Expert 7.4
Schneider Electric	N/A	Power SCADA Expert 7.3
Schneider Electric	N/A	ClearSCADA 2017 R3
Schneider Electric	N/A	EcoStruxure Control Expert version V14.0 et toutes les versions d'Unity Pro (anciennement EcoStruxure Control Expert)
Schneider Electric	N/A	Power SCADA Expert 8.2
Schneider Electric	N/A	Modicon M580
Schneider Electric	N/A	Modicon Quantum

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2019-344-01 du 11 décembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-344-02 du 11 décembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-344-04 du 11 décembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-344-05 du 11 décembre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Power SCADA Expert 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon Premium",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Power SCADA Expert 8.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Power SCADA Operation 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon M340",
      "product": {
        "name": "Modicon M340",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "ClearSCADA 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "ClearSCADA 2017 R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Power SCADA Expert 7.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Power SCADA Expert 7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "ClearSCADA 2017 R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Control Expert version V14.0 et toutes les versions d\u0027Unity Pro (anciennement EcoStruxure Control Expert)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Power SCADA Expert 8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon M580",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon Quantum",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-6857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6857"
    },
    {
      "name": "CVE-2019-6854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6854"
    },
    {
      "name": "CVE-2019-13537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13537"
    },
    {
      "name": "CVE-2019-6855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6855"
    },
    {
      "name": "CVE-2019-6856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6856"
    },
    {
      "name": "CVE-2018-7794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7794"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-629",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-344-01 du 11 d\u00e9cembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-344-01_Modicon_Controllers.pdf\u0026p_Doc_Ref=SEVD-2019-344-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-344-02 du 11 d\u00e9cembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-344-02_EcoStruxure_Control_Expert.pdf\u0026p_Doc_Ref=SEVD-2019-344-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-344-04 du 11 d\u00e9cembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-344-04_Power_SCADA_Operation.pdf\u0026p_Doc_Ref=SEVD-2019-344-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-344-05 du 11 d\u00e9cembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-344-05_EcoStruxure_Geo_SCADA_Expert.pdf\u0026p_Doc_Ref=SEVD-2019-344-05"
    }
  ]
}

GSD-2019-6854

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-6854

Aliases

CVE-2019-6854

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6854",
    "description": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.",
    "id": "GSD-2019-6854"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6854"
      ],
      "details": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.",
      "id": "GSD-2019-6854",
      "modified": "2023-12-13T01:23:49.454905Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2019-6854",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 (see notification for more details)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-287: Improper Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/",
            "refsource": "MISC",
            "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2017:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2017:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:clearscada:2017:r3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2019-6854"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-11-03T19:23Z",
      "publishedDate": "2020-01-06T23:15Z"
    }
  }
}

FKIE_CVE-2019-6854

Vulnerability from fkie_nvd - Published: 2020-01-06 23:15 - Updated: 2024-11-21 04:47

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2019-344-05/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2019-344-05/	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	clearscada	2017
schneider-electric	clearscada	2017
schneider-electric	clearscada	2017

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:clearscada:2017:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC1A189-4500-4EEC-896E-7833225EAF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:clearscada:2017:r2:*:*:*:*:*:*",
              "matchCriteriaId": "3F342A21-0F75-44C1-97D4-38F3E54B0F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:clearscada:2017:r3:*:*:*:*:*:*",
              "matchCriteriaId": "AA1BF60B-98A0-43CE-8C3B-122FB713ABBD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017."
    },
    {
      "lang": "es",
      "value": "CWE-287: Se presenta una vulnerabilidad de autenticaci\u00f3n inapropiada en una carpeta dentro de EcoStruxure Geo SCADA Expert (ClearSCADA), con versiones iniciales anteriores al 1 de enero de 2019, lo que podr\u00eda causar que un usuario con poco privilegio elimine o modifique archivos de bases de datos, configuraciones o certificados . Esos usuarios necesitan tener acceso al sistema de archivos de ese sistema operativo para explotar esta vulnerabilidad. Las versiones afectadas en el soporte actual incluyen ClearSCADA versi\u00f3n 2017 R3, ClearSCADA versi\u00f3n 2017 R2 y ClearSCADA versi\u00f3n 2017"
    }
  ],
  "id": "CVE-2019-6854",
  "lastModified": "2024-11-21T04:47:17.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-06T23:15:11.033",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-05/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-6854 (GCVE-0-2019-6854)

CNVD-2020-03775

VAR-202001-1852

GHSA-HWWQ-6FG7-74H6

CERTFR-2019-AVI-629

Solution

CERTFR-2019-AVI-629

Solution

GSD-2019-6854

FKIE_CVE-2019-6854

Tags

Sightings

Nomenclature