CVE-2019-6833

CVSS V2: Medium 4.3 | CVSS V3: Medium 6.5
Description
A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel.
Overview
  • CVE ID: CVE-2019-6833
  • Assigner: cybersecurity@se.com
  • Vulnerability Status: Modified
  • Published Date: 2019-09-17T20:15:12
  • Last Modified Date: 2020-02-10T21:53:41
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:schneider-electric:hmigto_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:schneider-electric:hmigto1300:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmigto1310:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmigto2300:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmigto2310:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmigto2315:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmigto3510:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmigto4310:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmigto5310:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmigto5315:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmigto6310:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmigto6315:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:schneider-electric:hmisto_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:schneider-electric:hmisto501:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmisto511:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmisto512:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmisto531:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmisto532:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmisto705:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmisto715:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmisto735:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:schneider-electric:xbtgh_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:schneider-electric:xbtgh2460:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:h:schneider-electric:hmigtu_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:schneider-electric:hmig2u:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmig3u:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmig3ufc:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmig5u:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmig5u2:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmig5ufc:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmig5ul8a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:schneider-electric:hmiscu_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:schneider-electric:hmiscu6a5:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmiscu6b5:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmiscu8a5:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmiscu8b5:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:schneider-electric:hmistu_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:schneider-electric:hmistu655:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmistu655w:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmistu855:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmistu855w:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:schneider-electric:xbtgt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:schneider-electric:xbtgt2430:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:xbtgt2930:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:schneider-electric:hmigxo_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:schneider-electric:hmigxo:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:schneider-electric:hmigxu_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:schneider-electric:hmigxu35:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:schneider-electric:hmigxu55:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:M/Au:N/C:N/I:N/A:P
  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
  • Base Score: 4.3
  • Severity: MEDIUM
  • Exploitability Score: 8.6
  • Impact Score: 2.9
CVSS Version 3
  • Version: 3.1
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Availability Impact: HIGH
  • Base Score: 6.5
  • Base Severity: MEDIUM
  • Exploitability Score: 2.8
  • Impact Score: 3.6
History
Created | Old Value | New Value | Data Type | Notes
2022-05-10 16:50:17 | | | | Added to TrackCVE
2022-12-04 02:53:07 | cybersecurity@schneider-electric.com | cybersecurity@se.com | CVE Assigner | updated
2022-12-04 02:53:07 | 2019-09-17T20:15Z | 2019-09-17T20:15:12 | CVE Published Date | updated
2022-12-04 02:53:07 | | 2020-02-10T21:53:41 | CVE Modified Date | updated
2022-12-04 02:53:07 | | Modified | Vulnerability Status | updated