CVE-2019-6854

EPSS 0.03%
Published 06.01.2020 23:15:11
Last modified 21.11.2024 04:47:17
Source cybersecurity@se.com
Teams watchlist Login
Open Login

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Clearscada Version2017

Schneider-electric ≫ Clearscada Version2017 Updater2

Schneider-electric ≫ Clearscada Version2017 Updater3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.046

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.se.com/ww/en/download/document/SEVD-2019-344-05/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-6854

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6854

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6854

EUVD