Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-6854

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.

Published

2020-01-06T23:15:11.033

Last Modified

2024-11-21T04:47:17.170

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-287
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	schneider-electric	clearscada	2017	Yes
Application	schneider-electric	clearscada	2017	Yes
Application	schneider-electric	clearscada	2017	Yes

References

https://www.se.com/ww/en/download/document/SEVD-2019-344-05/ Vendor Advisory ([email protected])
https://www.se.com/ww/en/download/document/SEVD-2019-344-05/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)