CVE-2019-6853

Published Nov 20, 2019

Last updated 5 years ago

CVSS medium 6.1

Overview

Description: A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.
Source: cybersecurity@se.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79
cybersecurity@se.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9680_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CABA87DF-4D29-41D5-9C04-FCE822E08548"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9680:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ADB64C97-4C76-4EA1-81BA-BECABB36882F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_5740_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3FCDE6F-3C90-4494-A768-B9556822555E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_5740:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D425EDA6-288C-4F66-B1E8-D47B52C45371"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_5720_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADAEA00E-C3B6-42B2-823B-5722033E0C46"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_5720:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AD829769-A8A2-4362-83F0-DD8C0C66124C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_bcx4040_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D80F1F9E-89E3-4263-AEA6-555226B412B6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_bcx4040:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3CB3D1AD-9BAE-4DA5-B32B-63F1A2FEE30B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_bcx9640_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2B69F42-8AF8-47AA-ABCC-6FCB2ACF8A2B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_bcx9640:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1A0F10A1-AC1F-425B-90D4-ECFFEFF8A6F4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9900_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "373C69FE-14ED-4D75-9E60-BFE90F111D19"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9900:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "49764811-1299-4612-B19E-5D9BE4005186"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9940_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7979C28-2D31-4024-B9F9-5BA824D29216"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9940:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7C7C825C-CAB3-4465-B7B8-380E1A20AC0A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9941_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FAE3F03-CECB-4B21-987E-B9B7EB1BF3B9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9941:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8AD997D7-5A18-4983-BA8C-D29AA27843C6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9924_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB62B8D7-1157-460B-95A8-DF6F553949CF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9924:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2FB35B6B-69DC-4A8A-AE3E-CA9A6127B080"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9702_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14FDC5C2-695A-4349-B392-82AA8459115B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9702:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4F721BC6-0CA1-4431-853D-B2D923A66751"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9200_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FC56178-69E7-47BC-9965-25EC3CCD7C05"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2DE93F39-BF30-42EF-8387-4C060F075D49"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References