Vulnerabilities > CVE-2019-6847 - Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
schneider-electric
CWE-755
NVD
Published: 2019-10-29
Updated: 2022-02-03

Summary

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol.

Vulnerable Configurations

Part Description Count
OS
Schneider-Electric
4
Hardware
Schneider-Electric
4

Common Weakness Enumeration (CWE)

Talos

idTALOS-2019-0847
last seen2019-11-02
published2019-10-08
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0847
titleSchneider Electric Modicon M580 outdated firmware image FTP upgrade denial-of-service vulnerability

References