CVE-2019-6814

critical-risk

Published 2019-05-22

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.

Do I need to act?

66.9% chance of exploitation in next 30 days

EPSS score — higher than 33% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

47186

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (7)

Net5501 Firmware

Net5501-I Firmware

Net5501-Xt Firmware

Net5504 Firmware

Net5500 Firmware

Net5516 Firmware

Net5508 Firmware

Affected Vendors

Schneider-Electric

References (2)

Vendor Advisory https://www.se.com/ww/en/download/document/SEVD-2019-134-01/

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 26/34 · High

Exposure 14/34 · Moderate