Permissions and Access Control Vulnerability in Schneider Electric Modicon Quantum
CVE-2019-6815

9.1CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Modicon Quantum - All Firmware Versions
Vendor: CVE Published:; 22 May 2019

Summary

In Schneider Electric's Modicon Quantum PLCs, all firmware versions are susceptible to vulnerabilities in permissions and access control when using the Ethernet/IP protocol. These vulnerabilities can potentially result in unauthorized modifications to the PLC configuration, leading to service disruption and operational risks.

Affected Version(s)

Modicon Quantum - all firmware Modicon Quantum - all firmware versions

References

https://www.schneider-electric.com/en/download/document/S...

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 22, 2019
Vulnerability Reserved
Jan 25, 2019