Vulnerabilities > CVE-2019-6844 - Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
schneider-electric
CWE-755
NVD
Published: 2019-10-29
Updated: 2022-02-03

Summary

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol.

Vulnerable Configurations

Part Description Count
OS
Schneider-Electric
4
Hardware
Schneider-Electric
4

Common Weakness Enumeration (CWE)

Talos

idTALOS-2019-0825
last seen2019-11-02
published2019-10-08
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0825
titleSchneider Electric Modicon M580 Mismatched Firmware Image FTP Upgrade Denial of Service Vulnerability

References