[월:] 2020년 01월

CVE-2019-6855

Posted on by admin

CVE-2019-6855

An Improper Authorization – CWE-285 vulnerability exists in EcoStruxure� Control Expert V14.0 and all versions of Unity Pro (previously calledEcoStruxure� Control Expert), which could allow a bypass of the authentication process between EcoStruxure Control Expert and the controller.

Source: CVE-2019-6855

CVE-2019-6857

Posted on by admin

CVE-2019-6857

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.

Source: CVE-2019-6857

CVE-2019-6856

Posted on by admin

CVE-2019-6856

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.

Source: CVE-2019-6856

CVE-2019-6854

Posted on by admin

CVE-2019-6854

A CWE-264 Permissions, Privileges, and Access Controls vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.

Source: CVE-2019-6854