Vulnerabilities > CVE-2019-6841 - Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 4 | |
Hardware | 4 |
Common Weakness Enumeration (CWE)
Talos
id | TALOS-2019-0822 |
last seen | 2019-11-02 |
published | 2019-10-08 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0822 |
title | Schneider Electric Modicon M580 FTP firmware update loader service denial-of-service vulnerability |