CVE-2019-6814
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
22/05/2019
Last modified:
03/09/2022
Description
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:schneider-electric:net5501_firmware:*:*:*:*:*:*:*:* | 2.1.9.7 (excluding) | |
| cpe:2.3:h:schneider-electric:net5501:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:net5501-i_firmware:*:*:*:*:*:*:*:* | 2.1.9.7 (excluding) | |
| cpe:2.3:h:schneider-electric:net5501-i:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:net5501-xt_firmware:*:*:*:*:*:*:*:* | 2.1.9.7 (excluding) | |
| cpe:2.3:h:schneider-electric:net5501-xt:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:net5504_firmware:*:*:*:*:*:*:*:* | 2.1.9.7 (excluding) | |
| cpe:2.3:h:schneider-electric:net5504:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:net5500_firmware:*:*:*:*:*:*:*:* | 2.1.9.7 (excluding) | |
| cpe:2.3:h:schneider-electric:net5500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:net5516_firmware:*:*:*:*:*:*:*:* | 2.1.9.7 (excluding) | |
| cpe:2.3:h:schneider-electric:net5516:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:schneider-electric:net5508_firmware:*:*:*:*:*:*:*:* | 2.1.9.7 (excluding) | |
| cpe:2.3:h:schneider-electric:net5508:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page