PT-2019-2282 · Schneider Electric · Modicon M241 and 11 other products

Published: 2019-05-14 · Updated: 2026-05-28 · CVE-2019-6820

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Modicon M100: all versions
Modicon M200: all versions
Modicon M221: all versions
ATV IMC drive controller: all versions
Modicon M241: all versions
Modicon M251: all versions
Modicon M258: all versions
Modicon LMC058: all versions
Modicon LMC078: all versions
PacDrive Eco: all versions
PacDrive Pro: all versions
PacDrive Pro2: all versions

Description

The issue is the absence of authentication for a critical function in Modicon, PacDrive, and ATV IMC programmable logic controllers. A remote attacker could modify the device's IP configuration, including the IP address, network mask, and gateway IP address, by sending a specific Ethernet frame.

Recommendations

For Modicon M100, update to a version that includes authentication for critical functions.
For Modicon M200, update to a version that includes authentication for critical functions.
For Modicon M221, update to a version that includes authentication for critical functions.
For ATV IMC drive controller, update to a version that includes authentication for critical functions.
For Modicon M241, update to a version that includes authentication for critical functions.
For Modicon M251, update to a version that includes authentication for critical functions.
For Modicon M258, update to a version that includes authentication for critical functions.
For Modicon LMC058, update to a version that includes authentication for critical functions.
For Modicon LMC078, update to a version that includes authentication for critical functions.
For PacDrive Eco, update to a version that includes authentication for critical functions.
For PacDrive Pro, update to a version that includes authentication for critical functions.
For PacDrive Pro2, update to a version that includes authentication for critical functions.

As a temporary workaround, consider restricting access to the Ethernet interface until a patch is available.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2019-02053
BDU:2021-04276
CVE-2019-6820

Affected Products

ATV IMC Drive Controller
Modicon LMC058
Modicon LMC078
Modicon M100
Modicon M200
Modicon M221
Modicon M241
Modicon M251
Modicon M258
PacDrive Eco
PacDrive Pro
PacDrive Pro2