Improper Access Control in BMXNOR0200H Ethernet/Serial RTU Module by Schneider Electric
CVE-2019-6810

8.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Bmxnor0200h Ethernet / Serial Rtu Module
Vendor: CVE Published:; 17 September 2019

Summary

An improper access control vulnerability exists in the BMXNOR0200H Ethernet/Serial RTU module from Schneider Electric. This issue allows unauthorized users to execute commands via the IEC 60870-5-104 protocol. Organizations utilizing this module should assess their systems immediately to mitigate risk and ensure that access control measures are effectively implemented.

Affected Version(s)

BMXNOR0200H Ethernet / Serial RTU module all firmware versions

References

https://www.schneider-electric.com/en/download/document/S...

x_refsource_CONFIRM

https://security.cse.iitk.ac.in/responsible-disclosure

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2019
Vulnerability Reserved
Jan 25, 2019