Uncaught Exception Vulnerability in Modicon Controllers by Schneider Electric
CVE-2019-6828

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M580; Modicon M340; Modicon Premium; Modicon Quantum
Vendor: CVE Published:; 17 September 2019

Summary

The vulnerability presents an uncaught exception flaw in various Modicon controllers, potentially leading to a denial of service. Specifically, this issue can occur while accessing certain coils and registers through the Modbus protocol. Affected firmware versions prior to V2.90 for the M580 and V3.10 for the M340, along with all firmware versions for Modicon Premium and Quantum controllers, may expose systems to this risk, impacting the reliability and availability of industrial control systems.

Affected Version(s)

Modicon M340 firmware version prior to V3.10

Modicon M580 firmware version prior to V2.90

Modicon Premium all versions

References

https://www.schneider-electric.com/en/download/document/S...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2019
Vulnerability Reserved
Jan 25, 2019