Code Injection Vulnerability in Modicon Quantum by Schneider Electric
CVE-2019-6816
9.1CRITICAL
Key Information:
- Vendor
- Schneider Electric
- Vendor
- CVE Published:
- 22 May 2019
Summary
A code injection vulnerability exists in all versions of the Modicon Quantum firmware developed by Schneider Electric. This vulnerability could allow an attacker to modify firmware without authorization when utilizing the Modbus protocol, potentially leading to unauthorized access and service interruptions. Mitigating this vulnerability is essential to maintain system integrity and operational continuity.
Affected Version(s)
Modicon Quantum - all firmware Modicon Quantum - all firmware versions
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved