CVE-2019-6820

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2

CVSS v3 8.2 HIGH
CVSS v2.0 6.4 MEDIUM

8.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-02/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:atv_imc_drive_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:atv_imc_drive_controller:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m251:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m258_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m258:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_lmc058_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_lmc058:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_lmc078_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_lmc078:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:schneider-electric:pacdrive_eco_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:pacdrive_eco:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:schneider-electric:pacdrive_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:pacdrive_pro:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:schneider-electric:pacdrive_pro2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:pacdrive_pro2:-:*:*:*:*:*:*:*

History

03 Feb 2022, 14:29

Type	Values Removed	Values Added
CPE	cpe:2.3:o:se:modicon_m258_firmware:::::::: cpe:2.3:o:se:modicon_m251_firmware:::::::: cpe:2.3:h:se:modicon_m221:-:::::::* cpe:2.3:o:se:modicon_m241_firmware::::::::	cpe:2.3:o:schneider-electric:modicon_m258_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m221:-:::::::* cpe:2.3:o:schneider-electric:modicon_m241_firmware:::::::: cpe:2.3:o:schneider-electric:modicon_m251_firmware::::::::
First Time		Schneider-electric modicon M251 Firmware Schneider-electric modicon M221 Schneider-electric modicon M241 Firmware Schneider-electric modicon M258 Firmware

31 Jan 2022, 19:55

Type	Values Removed	Values Added
First Time		Schneider-electric modicon M100 Firmware Schneider-electric modicon M200 Firmware Schneider-electric modicon M221 Firmware Schneider-electric modicon M258 Schneider-electric modicon M200 Schneider-electric modicon M100 Schneider-electric modicon M251 Schneider-electric modicon M241
CPE	cpe:2.3:o:se:modicon_m100_firmware:::::::: cpe:2.3:o:se:modicon_m200_firmware:::::::: cpe:2.3:o:se:modicon_m221_firmware:::::::: cpe:2.3:h:se:modicon_m251:-:::::::* cpe:2.3:h:se:modicon_m258:-:::::::* cpe:2.3:h:se:modicon_m200:-:::::::* cpe:2.3:h:se:modicon_m100:-:::::::* cpe:2.3:h:se:modicon_m241:-:::::::*	cpe:2.3:h:schneider-electric:modicon_m241:-:::::::* cpe:2.3:o:schneider-electric:modicon_m100_firmware:::::::: cpe:2.3:o:schneider-electric:modicon_m200_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m258:-:::::::* cpe:2.3:h:schneider-electric:modicon_m251:-:::::::* cpe:2.3:o:schneider-electric:modicon_m221_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m200:-:::::::* cpe:2.3:h:schneider-electric:modicon_m100:-:::::::*

26 Aug 2021, 14:43

Type	Values Removed	Values Added
CPE	cpe:2.3:h:schneider-electric:modicon_m200:-:::::::* cpe:2.3:h:schneider-electric:modicon_m100:-:::::::* cpe:2.3:h:schneider-electric:modicon_m258:-:::::::* cpe:2.3:h:schneider-electric:modicon_m241:-:::::::* cpe:2.3:h:schneider-electric:modicon_m251:-:::::::*	cpe:2.3:h:se:modicon_m251:-:::::::* cpe:2.3:h:se:modicon_m200:-:::::::* cpe:2.3:h:se:modicon_m258:-:::::::* cpe:2.3:h:se:modicon_m241:-:::::::* cpe:2.3:h:se:modicon_m100:-:::::::*

19 Aug 2021, 18:21

Type	Values Removed	Values Added
CPE	cpe:2.3:o:schneider-electric:modicon_m258_firmware:::::::: cpe:2.3:o:schneider-electric:modicon_m251_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m221:-:::::::* cpe:2.3:o:schneider-electric:modicon_m100_firmware:::::::: cpe:2.3:o:schneider-electric:modicon_m200_firmware:::::::: cpe:2.3:o:schneider-electric:modicon_m241_firmware:::::::: cpe:2.3:o:schneider-electric:modicon_m221_firmware::::::::	cpe:2.3:o:se:modicon_m251_firmware:::::::: cpe:2.3:o:se:modicon_m241_firmware:::::::: cpe:2.3:h:se:modicon_m221:-:::::::* cpe:2.3:o:se:modicon_m221_firmware:::::::: cpe:2.3:o:se:modicon_m100_firmware:::::::: cpe:2.3:o:se:modicon_m258_firmware:::::::: cpe:2.3:o:se:modicon_m200_firmware::::::::

Information

Published : 2019-05-22 20:29

Updated : 2023-12-10 12:59

NVD link : CVE-2019-6820

Mitre link : CVE-2019-6820

CVE.ORG link : CVE-2019-6820

JSON object : View

Products Affected

schneider-electric

modicon_m221
modicon_lmc078_firmware
atv_imc_drive_controller_firmware
modicon_m251
modicon_m200
modicon_lmc078
pacdrive_pro2
modicon_m100_firmware
pacdrive_pro
modicon_m100
modicon_m251_firmware
modicon_m258
modicon_m200_firmware
modicon_lmc058_firmware
pacdrive_eco_firmware
modicon_m241_firmware
modicon_lmc058
modicon_m258_firmware
pacdrive_eco
modicon_m241
pacdrive_pro_firmware
pacdrive_pro2_firmware
modicon_m221_firmware
atv_imc_drive_controller

CWE

CWE-306

Missing Authentication for Critical Function

8.2 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-6820

8.2^/10

6.4^/10

Attach tags to `CVE-2019-6820`