Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-6833


A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel.


Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.5, indicating it can be exploited remotely over the network with relatively low complexity though user interaction is required and does not require pre-existing privileges . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 49 products from schneider-electric, from schneider-electric, from schneider-electric and 46 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2019, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.


Published

2019-09-17T20:15:12.467

Last Modified

2026-06-17T02:39:45.740

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-754
  • Type: Primary
    CWE-754

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System schneider-electric hmigto_firmware - Yes
Hardware schneider-electric hmigto1300 - No
Hardware schneider-electric hmigto1310 - No
Hardware schneider-electric hmigto2300 - No
Hardware schneider-electric hmigto2310 - No
Hardware schneider-electric hmigto2315 - No
Hardware schneider-electric hmigto3510 - No
Hardware schneider-electric hmigto4310 - No
Hardware schneider-electric hmigto5310 - No
Hardware schneider-electric hmigto5315 - No
Hardware schneider-electric hmigto6310 - No
Hardware schneider-electric hmigto6315 - No
Operating System schneider-electric hmisto_firmware - Yes
Hardware schneider-electric hmisto501 - No
Hardware schneider-electric hmisto511 - No
Hardware schneider-electric hmisto512 - No
Hardware schneider-electric hmisto531 - No
Hardware schneider-electric hmisto532 - No
Hardware schneider-electric hmisto705 - No
Hardware schneider-electric hmisto715 - No
Hardware schneider-electric hmisto735 - No
Operating System schneider-electric xbtgh_firmware - Yes
Hardware schneider-electric xbtgh2460 - No
Hardware schneider-electric hmigtu_firmware - Yes
Hardware schneider-electric hmig2u - No
Hardware schneider-electric hmig3u - No
Hardware schneider-electric hmig3ufc - No
Hardware schneider-electric hmig5u - No
Hardware schneider-electric hmig5u2 - No
Hardware schneider-electric hmig5ufc - No
Hardware schneider-electric hmig5ul8a - No
Operating System schneider-electric hmiscu_firmware - Yes
Hardware schneider-electric hmiscu6a5 - No
Hardware schneider-electric hmiscu6b5 - No
Hardware schneider-electric hmiscu8a5 - No
Hardware schneider-electric hmiscu8b5 - No
Operating System schneider-electric hmistu_firmware - Yes
Hardware schneider-electric hmistu655 - No
Hardware schneider-electric hmistu655w - No
Hardware schneider-electric hmistu855 - No
Hardware schneider-electric hmistu855w - No
Operating System schneider-electric xbtgt_firmware - Yes
Hardware schneider-electric xbtgt2430 - No
Hardware schneider-electric xbtgt2930 - No
Operating System schneider-electric hmigxo_firmware - Yes
Hardware schneider-electric hmigxo - No
Operating System schneider-electric hmigxu_firmware - Yes
Hardware schneider-electric hmigxu35 - No
Hardware schneider-electric hmigxu55 - No

References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For schneider-electric's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.