CVE-2019-6814
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.
Affected (7)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.1.9.7 |
| Running on/with | Platform Versions |
|---|---|
Schneider Electric Net5501 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.1.9.7 |
| Running on/with | Platform Versions |
|---|---|
Schneider Electric Net5501 I | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.1.9.7 |
| Running on/with | Platform Versions |
|---|---|
Schneider Electric Net5501 Xt | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.1.9.7 |
| Running on/with | Platform Versions |
|---|---|
Schneider Electric Net5504 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.1.9.7 |
| Running on/with | Platform Versions |
|---|---|
Schneider Electric Net5500 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.1.9.7 |
| Running on/with | Platform Versions |
|---|---|
Schneider Electric Net5516 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.1.9.7 |
| Running on/with | Platform Versions |
|---|---|
Schneider Electric Net5508 | All versions |
References (2)
Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.