Sign-up

ID

VAR-201909-0047


CVE

CVE-2019-6831


TITLE

BMXNOR0200H Ethernet / Serial RTU Vulnerability in module checking for exceptional conditions

Trust: 0.8

sources: JVNDB: JVNDB-2019-009523

DESCRIPTION

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module of Schneider Electric (France Schneider Electric) company. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module has access control error vulnerability. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles. There is currently no detailed vulnerability details provided

Trust: 2.34

sources: NVD: CVE-2019-6831 // JVNDB: JVNDB-2019-009523 // CNVD: CNVD-2020-25044 // VULHUB: VHN-158266 // VULMON: CVE-2019-6831

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-25044

AFFECTED PRODUCTS

vendor:schneider electricmodel:bmxnor0200hscope: - version: -

Trust: 1.4

vendor:schneider electricmodel:bmxnor0200hscope:eqversion:*

Trust: 1.0

vendor:schneidermodel:electric schneider electric bmxnor0200h ethernet/serial rtu modulescope: - version: -

Trust: 0.6

vendor:schneider electricmodel:bmxnor0200hscope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-25044 // JVNDB: JVNDB-2019-009523 // CNNVD: CNNVD-201909-823 // NVD: CVE-2019-6831

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6831
value: HIGH

Trust: 1.0

NVD: CVE-2019-6831
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-25044
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201909-823
value: HIGH

Trust: 0.6

VULHUB: VHN-158266
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-6831
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6831
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-25044
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-158266
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6831
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2019-6831
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-25044 // VULHUB: VHN-158266 // VULMON: CVE-2019-6831 // JVNDB: JVNDB-2019-009523 // CNNVD: CNNVD-201909-823 // NVD: CVE-2019-6831

PROBLEMTYPE DATA

problemtype:CWE-754

Trust: 1.9

sources: VULHUB: VHN-158266 // JVNDB: JVNDB-2019-009523 // NVD: CVE-2019-6831

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-823

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201909-823

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-009523

PATCH
title:SEVD-2019-225-03url:https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/
Trust: 0.8
title: - url:https://github.com/Live-Hack-CVE/CVE-2019-6831 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-6831 // 
            
            
            
            JVNDB: JVNDB-2019-009523

EXTERNAL IDS
db:NVDid:CVE-2019-6831
Trust: 3.2
db:SCHNEIDERid:SEVD-2019-225-03
Trust: 2.4
db:JVNDBid:JVNDB-2019-009523
Trust: 0.8
db:CNNVDid:CNNVD-201909-823
Trust: 0.7
db:CNVDid:CNVD-2020-25044
Trust: 0.6
db:ICS CERTid:ICSA-20-044-01
Trust: 0.6
db:AUSCERTid:ESB-2020.0526
Trust: 0.6
db:VULHUBid:VHN-158266
Trust: 0.1
db:VULMONid:CVE-2019-6831
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-25044 // 
            
            
            
            VULHUB: VHN-158266 // 
            
            
            
            VULMON: CVE-2019-6831 // 
            
            
            
            JVNDB: JVNDB-2019-009523 // 
            
            
            
            CNNVD: CNNVD-201909-823 // 
            
            
            
            NVD: CVE-2019-6831

REFERENCES
url:https://www.schneider-electric.com/en/download/document/sevd-2019-225-03/
Trust: 2.4
url:https://security.cse.iitk.ac.in/responsible-disclosure
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-6831
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6831
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-20-044-01
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.0526/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/754.html
Trust: 0.1
url:https://github.com/live-hack-cve/cve-2019-6831
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-25044 // 
            
            
            
            VULHUB: VHN-158266 // 
            
            
            
            VULMON: CVE-2019-6831 // 
            
            
            
            JVNDB: JVNDB-2019-009523 // 
            
            
            
            CNNVD: CNNVD-201909-823 // 
            
            
            
            NVD: CVE-2019-6831

SOURCES
db:CNVDid:CNVD-2020-25044
db:VULHUBid:VHN-158266
db:VULMONid:CVE-2019-6831
db:JVNDBid:JVNDB-2019-009523
db:CNNVDid:CNNVD-201909-823
db:NVDid:CVE-2019-6831

LAST UPDATE DATE
2024-11-23T22:06:01.598000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-25044date:2020-04-26T00:00:00
db:VULHUBid:VHN-158266date:2019-10-02T00:00:00
db:VULMONid:CVE-2019-6831date:2022-09-03T00:00:00
db:JVNDBid:JVNDB-2019-009523date:2019-09-24T00:00:00
db:CNNVDid:CNNVD-201909-823date:2020-02-25T00:00:00
db:NVDid:CVE-2019-6831date:2024-11-21T04:47:14.383

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-25044date:2020-04-26T00:00:00
db:VULHUBid:VHN-158266date:2019-09-17T00:00:00
db:VULMONid:CVE-2019-6831date:2019-09-17T00:00:00
db:JVNDBid:JVNDB-2019-009523date:2019-09-24T00:00:00
db:CNNVDid:CNNVD-201909-823date:2019-09-17T00:00:00
db:NVDid:CVE-2019-6831date:2019-09-17T20:15:12.343