Improper Condition Checks in Modicon Controllers by Schneider Electric
CVE-2019-6819

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon Controllers, Modicon M340 - Firmware Versions Prior To V3.01 Modicon M580 - Firmware Versions Prior To V2.80 All Firmware Versions Of Modicon Quantum And Modicon Premium
Vendor: CVE Published:; 22 May 2019

Summary

An improper check for unusual or exceptional conditions in Schneider Electric’s Modicon controllers could allow an attacker to send specially crafted Modbus frames. This can lead to a denial of service by disrupting the normal operation of the controllers, affecting critical processes and operational reliability. Users are advised to review their firmware versions and upgrade to the latest releases to mitigate this risk.

Affected Version(s)

Modicon Controllers, Modicon M340 - firmware prior to V3.01 Modicon M580 - firmware prior to V2.80 All firmware of Modicon Quantum and Modicon Premium Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium

References

https://www.schneider-electric.com/en/download/document/S...

x_refsource_MISC

http://www.securityfocus.com/bid/109004

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 22, 2019
Vulnerability Reserved
Jan 25, 2019