Vulnerability Details : CVE-2019-6833
A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel.
Products affected by CVE-2019-6833
- cpe:2.3:o:schneider-electric:hmigto_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:hmisto_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:xbtgh_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:h:schneider-electric:hmigtu_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:hmiscu_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:hmistu_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:xbtgt_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:hmigxo_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:hmigxu_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-6833
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 43 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-6833
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2019-6833
-
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.Assigned by:
- cybersecurity@se.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2019-6833
-
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01
Security Notification - Magelis HMI Panels | Schneider ElectricVendor Advisory
-
https://security.cse.iitk.ac.in/responsible-disclosure
Responsible Disclosure | Indian Institute of Technology, Kanpur
Jump to