Uncaught Exception Vulnerability in Modicon M580, M340, Premium and Quantum by Schneider Electric
CVE-2019-6809

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M580; Modicon M340; Modicon Premium; Modicon Quantum
Vendor: CVE Published:; 17 September 2019

Summary

An uncaught exception vulnerability has been identified in Schneider Electric's Modicon series, which includes M580, M340, Premium, and Quantum products. This vulnerability arises when the controller attempts to process invalid data, potentially leading to interruptions in service. Affected firmware versions are prior to V2.90 for Modicon M580 and prior to V3.10 for Modicon M340. Users of the Modicon Premium and Quantum devices are also at risk as all versions are affected. Organizations using these products should assess their systems and implement appropriate mitigations to safeguard against this vulnerability.

Affected Version(s)

Modicon M340 firmware version prior to V3.10

Modicon M580 firmware version prior to V2.90

Modicon Premium all versions

References

https://www.schneider-electric.com/en/download/document/S...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2019
Vulnerability Reserved
Jan 25, 2019