Vulnerabilities > CVE-2019-6842 - Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 4 | |
Hardware | 4 |
Common Weakness Enumeration (CWE)
Talos
id | TALOS-2019-0823 |
last seen | 2019-11-02 |
published | 2019-10-08 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0823 |
title | Schneider Electric Modicon M580 FTP incomplete firmware update denial-of-service vulnerability |