CVE-2019-6833

Summary

A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel.

Affected Software

VendorProductVersion RangeStatus
Schneider Electric SEMagelis HMI Panelsall versions of HMIGTOaffected
Schneider Electric SEMagelis HMI Panelsall versions of HMISTOaffected
Schneider Electric SEMagelis HMI Panelsall versions of XBTGHaffected
Schneider Electric SEMagelis HMI Panelsall versions of HMIGTUaffected
Schneider Electric SEMagelis HMI Panelsall versions of HMIGTUXaffected
Schneider Electric SEMagelis HMI Panelsall versions of HMISCUaffected
Schneider Electric SEMagelis HMI Panelsall versions of HMISTUaffected
Schneider Electric SEMagelis HMI Panelsall versions of XBTGTaffected
Schneider Electric SEMagelis HMI Panelsall versions of HMIGXOaffected
Schneider Electric SEMagelis HMI Panelsall versions of HMIGXUaffected

Weaknesses

  • CWE-754: CWE-754 – Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References