Lucene search

[email protected]NVD:CVE-2019-6842

HistoryOct 29, 2019 - 7:15 p.m.

CVE-2019-6842

2019-10-2919:15:21

CWE-755

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol.

Affected configurations

Nvd

Node

schneider-electricmodicon_m580Match-

AND

schneider-electricmodicon_m580_firmware

Node

schneider-electricmodicon_m340Match-

AND

schneider-electricmodicon_m340_firmware

Node

schneider-electricmodicon_bmxcraMatch-

AND

schneider-electricmodicon_bmxcra_firmware

Node

schneider-electricmodicon_140craMatch-

AND

schneider-electricmodicon_140cra_firmware

VendorProductVersionCPE
schneider-electricmodicon_m580-cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*
schneider-electricmodicon_m580_firmware*cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_m340-cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*
schneider-electricmodicon_m340_firmware*cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_bmxcra-cpe:2.3:h:schneider-electric:modicon_bmxcra:-:*:*:*:*:*:*:*
schneider-electricmodicon_bmxcra_firmware*cpe:2.3:o:schneider-electric:modicon_bmxcra_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicon_140cra-cpe:2.3:h:schneider-electric:modicon_140cra:-:*:*:*:*:*:*:*
schneider-electricmodicon_140cra_firmware*cpe:2.3:o:schneider-electric:modicon_140cra_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	modicon_m580	-	cpe:2.3:h:schneider-electric:modicon_m580:-:::::::*
schneider-electric	modicon_m580_firmware	*	cpe:2.3:o:schneider-electric:modicon_m580_firmware::::::::
schneider-electric	modicon_m340	-	cpe:2.3:h:schneider-electric:modicon_m340:-:::::::*
schneider-electric	modicon_m340_firmware	*	cpe:2.3:o:schneider-electric:modicon_m340_firmware::::::::
schneider-electric	modicon_bmxcra	-	cpe:2.3:h:schneider-electric:modicon_bmxcra:-:::::::*
schneider-electric	modicon_bmxcra_firmware	*	cpe:2.3:o:schneider-electric:modicon_bmxcra_firmware::::::::
schneider-electric	modicon_140cra	-	cpe:2.3:h:schneider-electric:modicon_140cra:-:::::::*
schneider-electric	modicon_140cra_firmware	*	cpe:2.3:o:schneider-electric:modicon_140cra_firmware::::::::

References

www.se.com/ww/en/download/document/SEVD-2019-281-02/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

Related for NVD:CVE-2019-6842

cvelist1 nessus2 talos1 prion1 cve1 talosblog1