CVE-2019-6814

CRITICAL EXPLOITED

Schneider-electric Net5501 Firmware < 2.1.9.7 - Authentication Bypass

Title source: rule

Description

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteunix

https://www.exploit-db.com/exploits/47186

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Lucas Dinucci <[email protected]>, Vitor Esperança <[email protected]> · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/schneider_electric_net55xx_encoder.rb

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://www.se.com/ww/en/download/document/SEVD-2019-134-01/

Scores

CVSS v3 9.8

EPSS 0.6693

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-01-13

CWE

CWE-287

Status published

Products (7)

schneider-electric/net5500_firmware < 2.1.9.7

schneider-electric/net5501_firmware < 2.1.9.7

schneider-electric/net5501-i_firmware < 2.1.9.7

schneider-electric/net5501-xt_firmware < 2.1.9.7

schneider-electric/net5504_firmware < 2.1.9.7

schneider-electric/net5508_firmware < 2.1.9.7

schneider-electric/net5516_firmware < 2.1.9.7

Published May 22, 2019

Tracked Since Feb 18, 2026