Denial of Service Vulnerability in Modicon Controllers by Schneider Electric
CVE-2019-6807

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
Vendor: CVE Published:; 22 May 2019

Summary

The vulnerability affects various Modicon controllers, enabling a risk of denial of service due to uncaught exceptions. When sensitive application variables are written to the controllers over Modbus, the affected devices may become unresponsive, impacting system reliability and performance. Organizations using these controllers should ensure their systems are patched and monitored to mitigate the risks associated with this vulnerability.

Affected Version(s)

Modicon M580 Modicon M340 Modicon Quantum Modicon Premium Modicon M580 Modicon M340 Modicon Quantum Modicon Premium

References

https://www.schneider-electric.com/en/download/document/S...

x_refsource_MISC

https://www.talosintelligence.com/vulnerability_reports/T...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 22, 2019
Vulnerability Reserved
Jan 25, 2019