The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious actor to download the updated embedded software from a compromised FTP server, thereby causing malfunctions of the controller.

🗓️ 25 Nov 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Modicon controllers lack integrity checks on updates; attackers can download compromised updates via file transfer protocol, causing malfunctions.

Reporter	Title	Published	Views	Family All 11
CNVD	Schneider Electric Modicon M580/M340/BMxCRA/140CRA Denial of Service Vulnerability (CNVD-2019-41495)	30 Oct 201900:00	–	cnvd
CVE	CVE-2019-6844	29 Oct 201914:48	–	cve
Cvelist	CVE-2019-6844	29 Oct 201914:48	–	cvelist
EUVD	EUVD-2019-16398	7 Oct 202500:30	–	euvd
NVD	CVE-2019-6844	29 Oct 201919:15	–	nvd
Tenable Nessus	Schneider-electric Modicon Improper Handling of Exceptional Conditions	8 Nov 201900:00	–	nessus
Tenable Nessus	Schneider Electric Modicon Improper Handling of Exceptional Conditions (CVE-2019-6844)	7 Feb 202200:00	–	nessus
Prion	Design/Logic Flaw	29 Oct 201919:15	–	prion
RedhatCVE	CVE-2019-6844	22 May 202510:18	–	redhatcve
Talos	Schneider Electric Modicon M580 Mismatched Firmware Image FTP Upgrade Denial of Service Vulnerability	8 Oct 201900:00	–	talos

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-6844
schneider-electric	www.schneider-electric.com/en/download/document/SEVD-2019-281-02/
nvd	www.nvd.nist.gov/vuln/detail
schneider-electric	www.schneider-electric.com/en/download/document/SEVD-2019-281-02

25 Nov 2019 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 34.9

CVSS 26.8

EPSS0.00362

Modicon controllers integrity checks updates file transfer protocol compromised updates malfunctions