CVE-2019-6819

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon Controllers, Modicon M340 - Firmware Versions Prior To V3.01 Modicon M580 - Firmware Versions Prior To V2.80 All Firmware Versions Of Modicon Quantum And Modicon Premium
Vendor: CVE Published:; 22 May 2019

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.

Affected Version(s)

Modicon Controllers, Modicon M340 - firmware prior to V3.01 Modicon M580 - firmware prior to V2.80 All firmware of Modicon Quantum and Modicon Premium Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium

References

https://www.schneider-electric.com/en/download/document/S...

x_refsource_MISC

http://www.securityfocus.com/bid/109004

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 22, 2019
Vulnerability Reserved
Jan 25, 2019

Collectors

NVD DatabaseMitre Database