CVE-2019-6821

6.5MEDIUM

Key Information:

Vendor
Schneider Electric
Status
Modicon Controllers, Modicon M580 Firmware Versions Prior To V2.30, And All Firmware Versions Of Modicon M340, Modicon Premium, Modicon Quantum
Vendor
CVE Published:
22 May 2019

Summary

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.

Affected Version(s)

Modicon Controllers, Modicon M580 firmware prior to V2.30, and all firmware of Modicon M340, Modicon Premium, Modicon Quantum Modicon Controllers, Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01
x_refsource_MISC
http://www.securityfocus.com/bid/108366
vdb-entryx_refsource_BID
https://www.schneider-electric.com/en/download/document/S...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.