Vulnerabilities > CVE-2019-6829 - Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric Modicon M340 Firmware and Modicon M580 Firmware

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
schneider-electric
CWE-755
NVD
Published: 2019-09-17
Updated: 2022-02-03

Summary

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.

Vulnerable Configurations

Part Description Count
OS
Schneider-Electric
8
Hardware
Schneider-Electric
2

Common Weakness Enumeration (CWE)

Talos

idTALOS-2019-0807
last seen2019-09-20
published2019-08-13
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0807
titleSchneider Electric Modicon M580 UMAS Function Code 0x29 Denial of Service Vulnerability

References