Vulnerabilities > CVE-2019-6828 - Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

schneider-electric

CWE-755

NVD

Published: 2019-09-17

Updated: 2022-02-03

Summary

A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Modicon M580 Firmware - Schneider Electric Modicon M580 Firmware 2.10 Schneider Electric Modicon M580 Firmware 2.12 Schneider Electric Modicon M580 Firmware 2.30 Schneider Electric Modicon M580 Firmware 2.41 Schneider Electric Modicon M580 Firmware 2.80 Schneider Electric Modicon M340 Firmware - Schneider Electric Modicon M340 Firmware 3.01 Schneider Electric Modicon Premium Firmware * Schneider Electric Modicon Quantum Firmware *	10
Hardware	Schneider-Electric Schneider Electric Modicon M580 - Schneider Electric Modicon M340 - Schneider Electric Modicon Premium - Schneider Electric Modicon Quantum -	4

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

Talos

id	TALOS-2019-0806
last seen	2019-09-19
published	2019-08-13
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0806
title	Schneider Electric Modicon M580 UMAS Read System Coils and Registers Denial of Service Vulnerability

References

https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/