CVE-2019-6855

Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
schneiderCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
schneider-electricecostruxure_control_expert
𝑥
< 14.1
schneider-electricecostruxure_control_expert
14.1
schneider-electricunity_pro
*
schneider-electricmodicon_m580_bmep584040_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmeh584040_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmep586040_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmeh586040_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmep581020_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmep582020_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmep582040_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmep583020_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmep583040_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmep584020_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmep585040_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmeh582040_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmep584040s_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmeh584040s_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmeh586040s_firmware
𝑥
< 3.10
schneider-electricmodicon_m580_bmep582040s_firmware
𝑥
< 3.10
schneider-electricmodicon_m340_bmxp3420302_firmware
𝑥
< 3.20
schneider-electricmodicon_m340_bmxp342020_firmware
𝑥
< 3.20
schneider-electricmodicon_m340_bmxp342000_firmware
𝑥
< 3.20
schneider-electricmodicon_m340_bmxp341000_firmware
𝑥
< 3.20
schneider-electricmodicon_m340_bmxp3420102_firmware
𝑥
< 3.20
schneider-electricmodicon_m340_bmxp3420302_firmware
𝑥
< 3.20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.se.com/ww/en/download/document/SEVD-2019-344-02/
https://www.se.com/ww/en/download/document/SEVD-2019-344-02/