Vulnerabilities > CVE-2019-6842 - Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
schneider-electric
CWE-755

Summary

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol.

Talos

idTALOS-2019-0823
last seen2019-11-02
published2019-10-08
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0823
titleSchneider Electric Modicon M580 FTP incomplete firmware update denial-of-service vulnerability