CVE-2019-6855
published 2020-01-06CVE-2019-6855: Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all…
high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | ecostruxure_control_expert | < 14.1 | 14.1 |
| schneider-electric | ecostruxure_control_expert | — | — |
| schneider-electric | modicon_m340_bmxp341000_firmware | < 3.20 | 3.20 |
| schneider-electric | modicon_m340_bmxp342000_firmware | < 3.20 | 3.20 |
| schneider-electric | modicon_m340_bmxp3420102_firmware | < 3.20 | 3.20 |
| schneider-electric | modicon_m340_bmxp342020_firmware | < 3.20 | 3.20 |
| schneider-electric | modicon_m340_bmxp3420302_firmware | < 3.20 | 3.20 |
| schneider-electric | modicon_m580_bmeh582040_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmeh584040_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmeh584040s_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmeh586040_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmeh586040s_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmep581020_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmep582020_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmep582040_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmep582040s_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmep583020_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmep583040_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmep584020_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmep584040_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmep584040s_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmep585040_firmware | < 3.10 | 3.10 |
| schneider-electric | modicon_m580_bmep586040_firmware | < 3.10 | 3.10 |