Improper Check Vulnerability in Modicon Products by Schneider Electric
CVE-2019-6856

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see Security Notification For Specific Versions)
Vendor: CVE Published:; 6 January 2020

Summary

A vulnerability exists in Schneider Electric’s Modicon products, including the M580, M340, Quantum, and Premium series. This flaw is caused by an improper check for unusual or exceptional conditions related to Modbus TCP communication. Attackers could exploit this vulnerability by writing specific physical memory blocks, which might result in a Denial of Service, compromising the operation and reliability of the affected systems.

Affected Version(s)

Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific ) Modicon M580

Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific ) Modicon M340

Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific ) Modicon Quantum

References

https://www.se.com/ww/en/download/document/SEVD-2019-344-01

x_refsource_CONFIRM

https://www.us-cert.gov/ics/advisories/icsa-20-016-01

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 6, 2020
Vulnerability Reserved
Jan 25, 2019