#VU25342 Improper Check for Unusual or Exceptional Conditions in Schneider Electric products - CVE-2019-6833
Published: February 14, 2020
Vulnerability identifier: #VU25342
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-6833
CWE-ID: CWE-754
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Magelis HMIGTO
Magelis HMISTO
Magelis XBTGH
Magelis HMIGTU
Magelis HMIGTUX
Magelis HMISCU
Magelis HMISTU
Magelis XBTGT
Magelis XBTGC
Magelis HMIGXO
Magelis HMIGXU
Magelis HMIGTO
Magelis HMISTO
Magelis XBTGH
Magelis HMIGTU
Magelis HMIGTUX
Magelis HMISCU
Magelis HMISTU
Magelis XBTGT
Magelis XBTGC
Magelis HMIGXO
Magelis HMIGXU
Software vendor:
Schneider Electric
Schneider Electric
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the HMI may temporarily freeze when the device receives a high rate of frames. When the attack stops, the buffered commands are processed by the HMI. A remote attacker can cause a denial of service condition on the target system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.