Vulnerabilities > CVE-2019-6809 - Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
schneider-electric
CWE-755

Summary

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller.

Talos

idTALOS-2018-0736
last seen2019-09-19
published2019-08-13
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0736
titleSchneider Electric Modicon M580 UMAS read strategy denial-of-service vulnerability