Vulnerabilities > CVE-2019-6848 - Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
schneider-electric
CWE-755

Summary

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module.

Talos

idTALOS-2019-0866
last seen2019-11-02
published2019-10-08
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0866
titleSchneider Electric Modicon M580 UMAS REST API getcominfo denial-of-service vulnerability