CVE-2019-6854

EPSS 0.03%
Veröffentlicht 06.01.2020 23:15:11
Zuletzt bearbeitet 21.11.2024 04:47:17
Quelle cybersecurity@se.com
Teams Watchlist Login
Unerledigt Login

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Schneider-electric ≫ Clearscada Version2017

Schneider-electric ≫ Clearscada Version2017 Updater2

Schneider-electric ≫ Clearscada Version2017 Updater3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.046

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.se.com/ww/en/download/document/SEVD-2019-344-05/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-6854

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6854

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6854

EUVD