CVE-2019-6833

A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://security.cse.iitk.ac.in/responsible-disclosure
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:hmigto_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:hmigto1300:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto1310:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto2300:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto2310:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto2315:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto3510:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto4310:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto5310:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto5315:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto6310:-:::::::*
	cpe:2.3:h:schneider-electric:hmigto6315:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:hmisto_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:hmisto501:-:::::::*
	cpe:2.3:h:schneider-electric:hmisto511:-:::::::*
	cpe:2.3:h:schneider-electric:hmisto512:-:::::::*
	cpe:2.3:h:schneider-electric:hmisto531:-:::::::*
	cpe:2.3:h:schneider-electric:hmisto532:-:::::::*
	cpe:2.3:h:schneider-electric:hmisto705:-:::::::*
	cpe:2.3:h:schneider-electric:hmisto715:-:::::::*
	cpe:2.3:h:schneider-electric:hmisto735:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:xbtgh_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:xbtgh2460:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:h:schneider-electric:hmigtu_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:hmig2u:-:::::::*
	cpe:2.3:h:schneider-electric:hmig3u:-:::::::*
	cpe:2.3:h:schneider-electric:hmig3ufc:-:::::::*
	cpe:2.3:h:schneider-electric:hmig5u:-:::::::*
	cpe:2.3:h:schneider-electric:hmig5u2:-:::::::*
	cpe:2.3:h:schneider-electric:hmig5ufc:-:::::::*
	cpe:2.3:h:schneider-electric:hmig5ul8a:-:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:hmiscu_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:hmiscu6a5:-:::::::*
	cpe:2.3:h:schneider-electric:hmiscu6b5:-:::::::*
	cpe:2.3:h:schneider-electric:hmiscu8a5:-:::::::*
	cpe:2.3:h:schneider-electric:hmiscu8b5:-:::::::*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:hmistu_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:hmistu655:-:::::::*
	cpe:2.3:h:schneider-electric:hmistu655w:-:::::::*
	cpe:2.3:h:schneider-electric:hmistu855:-:::::::*
	cpe:2.3:h:schneider-electric:hmistu855w:-:::::::*

Configuration 7 (hide)

AND

cpe:2.3:o:schneider-electric:xbtgt_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:xbtgt2430:-:::::::*
	cpe:2.3:h:schneider-electric:xbtgt2930:-:::::::*

Configuration 8 (hide)

AND

cpe:2.3:o:schneider-electric:hmigxo_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:hmigxo:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:schneider-electric:hmigxu_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:hmigxu35:-:::::::*
	cpe:2.3:h:schneider-electric:hmigxu55:-:::::::*

History

No history.

Information

Published : 2019-09-17 20:15

Updated : 2023-12-10 12:59

NVD link : CVE-2019-6833

Mitre link : CVE-2019-6833

CVE.ORG link : CVE-2019-6833

JSON object : View

Products Affected

schneider-electric

xbtgh2460
hmigto_firmware
hmigto2315
hmigto6315
hmigxo
hmig2u
hmigto6310
hmisto_firmware
hmiscu8b5
hmigxu35
xbtgh_firmware
hmisto705
hmistu655w
xbtgt2430
hmisto531
hmig5ul8a
hmigto5310
hmiscu6a5
hmigxu_firmware
hmigxu55
xbtgt_firmware
hmistu_firmware
hmisto715
hmig5ufc
hmistu855
hmig5u
hmig3u
hmigto4310
hmig5u2
hmisto511
hmiscu_firmware
hmig3ufc
hmigtu_firmware
hmigto1310
hmisto532
hmiscu6b5
hmigto5315
hmistu655
hmigxo_firmware
hmigto3510
hmiscu8a5
hmisto501
hmigto2310
hmisto512
xbtgt2930
hmistu855w
hmigto1300
hmigto2300
hmisto735

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-6833

6.5^/10

4.3^/10

Attach tags to `CVE-2019-6833`