CVE-2019-6833
CVSS score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD
Description
A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel.
Affected (9)
Configuration A

| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Hmigto1300 | All versions |
| Schneider Electric Hmigto1310 | All versions |
| Schneider Electric Hmigto2300 | All versions |
| Schneider Electric Hmigto2310 | All versions |
| Schneider Electric Hmigto2315 | All versions |
| Schneider Electric Hmigto3510 | All versions |
| Schneider Electric Hmigto4310 | All versions |
| Schneider Electric Hmigto5310 | All versions |
| Schneider Electric Hmigto5315 | All versions |
| Schneider Electric Hmigto6310 | All versions |
| Schneider Electric Hmigto6315 | All versions |

Configuration B

| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Hmisto501 | All versions |
| Schneider Electric Hmisto511 | All versions |
| Schneider Electric Hmisto512 | All versions |
| Schneider Electric Hmisto531 | All versions |
| Schneider Electric Hmisto532 | All versions |
| Schneider Electric Hmisto705 | All versions |
| Schneider Electric Hmisto715 | All versions |
| Schneider Electric Hmisto735 | All versions |

Configuration C

| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Xbtgh2460 | All versions |

Configuration D

| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Hmig2u | All versions |
| Schneider Electric Hmig3u | All versions |
| Schneider Electric Hmig3ufc | All versions |
| Schneider Electric Hmig5u | All versions |
| Schneider Electric Hmig5u2 | All versions |
| Schneider Electric Hmig5ufc | All versions |
| Schneider Electric Hmig5ul8a | All versions |

Configuration E

| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Hmiscu6a5 | All versions |
| Schneider Electric Hmiscu6b5 | All versions |
| Schneider Electric Hmiscu8a5 | All versions |
| Schneider Electric Hmiscu8b5 | All versions |

Configuration F

| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Hmistu655 | All versions |
| Schneider Electric Hmistu655w | All versions |
| Schneider Electric Hmistu855 | All versions |
| Schneider Electric Hmistu855w | All versions |

Configuration G

| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Xbtgt2430 | All versions |
| Schneider Electric Xbtgt2930 | All versions |

Configuration H

| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Hmigxo | All versions |

Configuration I

| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Schneider Electric Hmigxu35 | All versions |
| Schneider Electric Hmigxu55 | All versions |

References (4)
Source: cybersecurity@se.com
Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory