PT-2019-2334 · Schneider Electric · Modicon M580+3
Jared Rittle
·
Publicado
2019-05-14
·
Atualizado
2022-02-03
·
CVE-2019-6807
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Modicon M580 (affected versions not specified)
Modicon M340 (affected versions not specified)
Modicon Quantum (affected versions not specified)
Modicon Premium (affected versions not specified)
Description
A vulnerability exists that could cause a denial of service when writing sensitive application variables to the controller over Modbus. This issue is related to an uncaught exception and can be exploited by a remote attacker to disrupt service.
Recommendations
For Modicon M580, update or apply a fix to resolve the uncaught exception issue.
For Modicon M340, update or apply a fix to resolve the uncaught exception issue.
For Modicon Quantum, update or apply a fix to resolve the uncaught exception issue.
For Modicon Premium, update or apply a fix to resolve the uncaught exception issue.
As a temporary workaround, consider restricting access to the Modbus protocol to minimize the risk of exploitation.
Exploit
Correção
Improper Handling of Exceptional Conditions
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Modicon M340
Modicon M580
Modicon Premium
Modicon Quantum