schneider-electric ecostruxure-control-expert CVE-2019-6855 in Schneider Electric and Se Products
Published on January 6, 2020

product logo product logo
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.

NVD

Weakness Type

What is an AuthZ Vulnerability?

The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVE-2019-6855 has been classified to as an AuthZ vulnerability or weakness.


Products Associated with CVE-2019-6855

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-6855 are published in these products:

Schneider Electric Ecostruxure Control Expert
 
Schneider Electric Unity Pro
 
Se Ecostruxure Control Expert
 

Exploit Probability

EPSS
0.19%
Percentile
40.85%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.