Sign-up

ID

VAR-201909-0040


CVE

CVE-2019-6810


TITLE

BMXNOR0200H Ethernet / Serial RTU Incorrect authentication vulnerability in module

Trust: 0.8

sources: JVNDB: JVNDB-2019-009444

DESCRIPTION

CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol. BMXNOR0200H Ethernet / Serial RTU The module contains an unauthorized authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module of Schneider Electric (France Schneider Electric) company. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module has access control error vulnerability. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles. There is currently no detailed vulnerability details provided

Trust: 2.34

sources: NVD: CVE-2019-6810 // JVNDB: JVNDB-2019-009444 // CNVD: CNVD-2020-25046 // VULHUB: VHN-158245 // VULMON: CVE-2019-6810

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-25046

AFFECTED PRODUCTS

vendor:schneider electricmodel:bmxnor0200hscope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:bmxnor0200hscope: - version: -

Trust: 0.8

vendor:schneidermodel:electric schneider electric bmxnor0200h ethernet/serial rtu modulescope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-25046 // JVNDB: JVNDB-2019-009444 // NVD: CVE-2019-6810

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6810
value: HIGH

Trust: 1.0

NVD: CVE-2019-6810
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-25046
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201909-816
value: HIGH

Trust: 0.6

VULHUB: VHN-158245
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-6810
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6810
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-25046
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-158245
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6810
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-6810
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-25046 // VULHUB: VHN-158245 // VULMON: CVE-2019-6810 // JVNDB: JVNDB-2019-009444 // CNNVD: CNNVD-201909-816 // NVD: CVE-2019-6810

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-863

Trust: 0.9

sources: VULHUB: VHN-158245 // JVNDB: JVNDB-2019-009444 // NVD: CVE-2019-6810

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-816

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201909-816

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-009444

PATCH
title:SEVD-2019-225-03url:https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-009444

EXTERNAL IDS
db:NVDid:CVE-2019-6810
Trust: 3.2
db:SCHNEIDERid:SEVD-2019-225-03
Trust: 2.4
db:JVNDBid:JVNDB-2019-009444
Trust: 0.8
db:CNNVDid:CNNVD-201909-816
Trust: 0.7
db:CNVDid:CNVD-2020-25046
Trust: 0.6
db:AUSCERTid:ESB-2020.0526
Trust: 0.6
db:ICS CERTid:ICSA-20-044-01
Trust: 0.6
db:VULHUBid:VHN-158245
Trust: 0.1
db:VULMONid:CVE-2019-6810
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-25046 // 
            
            
            
            VULHUB: VHN-158245 // 
            
            
            
            VULMON: CVE-2019-6810 // 
            
            
            
            JVNDB: JVNDB-2019-009444 // 
            
            
            
            CNNVD: CNNVD-201909-816 // 
            
            
            
            NVD: CVE-2019-6810

REFERENCES
url:https://www.schneider-electric.com/en/download/document/sevd-2019-225-03/
Trust: 2.4
url:https://security.cse.iitk.ac.in/responsible-disclosure
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-6810
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6810
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-20-044-01
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.0526/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-25046 // 
            
            
            
            VULHUB: VHN-158245 // 
            
            
            
            VULMON: CVE-2019-6810 // 
            
            
            
            JVNDB: JVNDB-2019-009444 // 
            
            
            
            CNNVD: CNNVD-201909-816 // 
            
            
            
            NVD: CVE-2019-6810

SOURCES
db:CNVDid:CNVD-2020-25046
db:VULHUBid:VHN-158245
db:VULMONid:CVE-2019-6810
db:JVNDBid:JVNDB-2019-009444
db:CNNVDid:CNNVD-201909-816
db:NVDid:CVE-2019-6810

LAST UPDATE DATE
2024-11-23T22:06:01.665000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-25046date:2020-04-26T00:00:00
db:VULHUBid:VHN-158245date:2023-02-13T00:00:00
db:VULMONid:CVE-2019-6810date:2023-02-13T00:00:00
db:JVNDBid:JVNDB-2019-009444date:2019-09-20T00:00:00
db:CNNVDid:CNNVD-201909-816date:2023-02-14T00:00:00
db:NVDid:CVE-2019-6810date:2024-11-21T04:47:12.243

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-25046date:2020-04-26T00:00:00
db:VULHUBid:VHN-158245date:2019-09-17T00:00:00
db:VULMONid:CVE-2019-6810date:2019-09-17T00:00:00
db:JVNDBid:JVNDB-2019-009444date:2019-09-20T00:00:00
db:CNNVDid:CNNVD-201909-816date:2019-09-17T00:00:00
db:NVDid:CVE-2019-6810date:2019-09-17T20:15:11.860