CVE-2019-6833

EPSS 0.34%
Published 17.09.2019 20:15:12
Last modified 30.09.2025 15:15:39
Source cybersecurity@se.com
Teams watchlist Login
Open Login

A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Hmigto Firmware Version-

Schneider-electric ≫ Hmisto Firmware Version-

   Schneider-electric ≫ Hmisto501 Version-
   Schneider-electric ≫ Hmisto511 Version-
   Schneider-electric ≫ Hmisto512 Version-
   Schneider-electric ≫ Hmisto531 Version-
   Schneider-electric ≫ Hmisto532 Version-
   Schneider-electric ≫ Hmisto705 Version-
   Schneider-electric ≫ Hmisto715 Version-
   Schneider-electric ≫ Hmisto735 Version-

Schneider-electric ≫ Xbtgh Firmware Version-

Schneider-electric ≫ Xbtgh2460 Version-

Schneider-electric ≫ Hmigtu Firmware Version-

   Schneider-electric ≫ Hmig2u Version-
   Schneider-electric ≫ Hmig3u Version-
   Schneider-electric ≫ Hmig3ufc Version-
   Schneider-electric ≫ Hmig5u Version-
   Schneider-electric ≫ Hmig5u2 Version-
   Schneider-electric ≫ Hmig5ufc Version-
   Schneider-electric ≫ Hmig5ul8a Version-

Schneider-electric ≫ Hmiscu Firmware Version-

   Schneider-electric ≫ Hmiscu6a5 Version-
   Schneider-electric ≫ Hmiscu6b5 Version-
   Schneider-electric ≫ Hmiscu8a5 Version-
   Schneider-electric ≫ Hmiscu8b5 Version-

Schneider-electric ≫ Hmistu Firmware Version-

   Schneider-electric ≫ Hmistu655 Version-
   Schneider-electric ≫ Hmistu655w Version-
   Schneider-electric ≫ Hmistu855 Version-
   Schneider-electric ≫ Hmistu855w Version-

Schneider-electric ≫ Xbtgt Firmware Version-

Schneider-electric ≫ Xbtgt2430 Version-
Schneider-electric ≫ Xbtgt2930 Version-

Schneider-electric ≫ Hmigxo Firmware Version-

Schneider-electric ≫ Hmigxo Version-

Schneider-electric ≫ Hmigxu Firmware Version-

Schneider-electric ≫ Hmigxu35 Version-
Schneider-electric ≫ Hmigxu55 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.34%	0.539

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://security.cse.iitk.ac.in/responsible-disclosure

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-6833

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6833

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6833

EUVD