var-201909-0047
Vulnerability from variot
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module of Schneider Electric (France Schneider Electric) company.
Schneider Electric BMXNOR0200H Ethernet/Serial RTU module has access control error vulnerability. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles. There is currently no detailed vulnerability details provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0047", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "bmxnor0200h", "scope": null, "trust": 1.4, "vendor": "schneider electric", "version": null }, { "model": "bmxnor0200h", "scope": "eq", "trust": 1.0, "vendor": "schneider electric", "version": "*" }, { "model": "electric schneider electric bmxnor0200h ethernet/serial rtu module", "scope": null, "trust": 0.6, "vendor": "schneider", "version": null }, { "model": "bmxnor0200h", "scope": "eq", "trust": 0.6, "vendor": "schneider electric", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-25044" }, { "db": "JVNDB", "id": "JVNDB-2019-009523" }, { "db": "CNNVD", "id": "CNNVD-201909-823" }, { "db": "NVD", "id": "CVE-2019-6831" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:schneider_electric:bmxnor0200h_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009523" } ] }, "cve": "CVE-2019-6831", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-6831", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CNVD-2020-25044", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-158266", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-6831", "impactScore": 4.0, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.6, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-6831", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-6831", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-6831", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-25044", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201909-823", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-158266", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2019-6831", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-25044" }, { "db": "VULHUB", "id": "VHN-158266" }, { "db": "VULMON", "id": "CVE-2019-6831" }, { "db": "JVNDB", "id": "JVNDB-2019-009523" }, { "db": "CNNVD", "id": "CNNVD-201909-823" }, { "db": "NVD", "id": "CVE-2019-6831" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module of Schneider Electric (France Schneider Electric) company. \n\r\n\r\nSchneider Electric BMXNOR0200H Ethernet/Serial RTU module has access control error vulnerability. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles. There is currently no detailed vulnerability details provided", "sources": [ { "db": "NVD", "id": "CVE-2019-6831" }, { "db": "JVNDB", "id": "JVNDB-2019-009523" }, { "db": "CNVD", "id": "CNVD-2020-25044" }, { "db": "VULHUB", "id": "VHN-158266" }, { "db": "VULMON", "id": "CVE-2019-6831" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-6831", "trust": 3.2 }, { "db": "SCHNEIDER", "id": "SEVD-2019-225-03", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2019-009523", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201909-823", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-25044", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-044-01", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0526", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-158266", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-6831", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-25044" }, { "db": "VULHUB", "id": "VHN-158266" }, { "db": "VULMON", "id": "CVE-2019-6831" }, { "db": "JVNDB", "id": "JVNDB-2019-009523" }, { "db": "CNNVD", "id": "CNNVD-201909-823" }, { "db": "NVD", "id": "CVE-2019-6831" } ] }, "id": "VAR-201909-0047", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-25044" }, { "db": "VULHUB", "id": "VHN-158266" } ], "trust": 1.45 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-25044" } ] }, "last_update_date": "2024-11-23T22:06:01.598000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2019-225-03", "trust": 0.8, "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2019-6831 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-6831" }, { "db": "JVNDB", "id": "JVNDB-2019-009523" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-754", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-158266" }, { "db": "JVNDB", "id": "JVNDB-2019-009523" }, { "db": "NVD", "id": "CVE-2019-6831" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-225-03/" }, { "trust": 1.8, "url": "https://security.cse.iitk.ac.in/responsible-disclosure" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6831" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6831" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-044-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0526/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/754.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2019-6831" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-25044" }, { "db": "VULHUB", "id": "VHN-158266" }, { "db": "VULMON", "id": "CVE-2019-6831" }, { "db": "JVNDB", "id": "JVNDB-2019-009523" }, { "db": "CNNVD", "id": "CNNVD-201909-823" }, { "db": "NVD", "id": "CVE-2019-6831" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-25044" }, { "db": "VULHUB", "id": "VHN-158266" }, { "db": "VULMON", "id": "CVE-2019-6831" }, { "db": "JVNDB", "id": "JVNDB-2019-009523" }, { "db": "CNNVD", "id": "CNNVD-201909-823" }, { "db": "NVD", "id": "CVE-2019-6831" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-26T00:00:00", "db": "CNVD", "id": "CNVD-2020-25044" }, { "date": "2019-09-17T00:00:00", "db": "VULHUB", "id": "VHN-158266" }, { "date": "2019-09-17T00:00:00", "db": "VULMON", "id": "CVE-2019-6831" }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009523" }, { "date": "2019-09-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-823" }, { "date": "2019-09-17T20:15:12.343000", "db": "NVD", "id": "CVE-2019-6831" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-26T00:00:00", "db": "CNVD", "id": "CNVD-2020-25044" }, { "date": "2019-10-02T00:00:00", "db": "VULHUB", "id": "VHN-158266" }, { "date": "2022-09-03T00:00:00", "db": "VULMON", "id": "CVE-2019-6831" }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009523" }, { "date": "2020-02-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-823" }, { "date": "2024-11-21T04:47:14.383000", "db": "NVD", "id": "CVE-2019-6831" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-823" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "BMXNOR0200H Ethernet / Serial RTU Vulnerability in module checking for exceptional conditions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009523" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-823" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.