Vulnerabilities > CVE-2019-6848 - Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products

CVSS 8.6 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

schneider-electric

CWE-755

NVD

Published: 2019-10-29

Updated: 2021-04-19

Summary

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Modicon M580 Firmware - Schneider Electric Modicon Bmenoc 0311 Firmware - Schneider Electric Modicon Bmenoc 0321 Firmware -	3
Hardware	Schneider-Electric Schneider Electric Modicon M580 - Schneider Electric Modicon Bmenoc 0311 - Schneider Electric Modicon Bmenoc 0321 -	3

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

Talos

id	TALOS-2019-0866
last seen	2019-11-02
published	2019-10-08
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0866
title	Schneider Electric Modicon M580 UMAS REST API getcominfo denial-of-service vulnerability

References

https://www.se.com/ww/en/download/document/SEVD-2019-281-04/