Vulnerabilities > CVE-2019-6810 - Unspecified vulnerability in Schneider-Electric Bmxnor0200H Firmware

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

schneider-electric

NVD

Published: 2019-09-17

Updated: 2023-02-13

Summary

CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Bmxnor0200H Firmware *	1
Hardware	Schneider-Electric Schneider Electric Bmxnor0200H -	1

References

https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/
https://security.cse.iitk.ac.in/responsible-disclosure