PT-2019-2334 · Schneider Electric · Modicon M580+3
Jared Rittle
·
Published
2019-05-14
·
Updated
2022-02-03
·
CVE-2019-6807
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Modicon M580 (affected versions not specified)
Modicon M340 (affected versions not specified)
Modicon Quantum (affected versions not specified)
Modicon Premium (affected versions not specified)
Description
A vulnerability exists that could cause a denial of service when writing sensitive application variables to the controller over Modbus. This issue is related to an uncaught exception and can be exploited by a remote attacker to disrupt service.
Recommendations
For Modicon M580, update or apply a fix to resolve the uncaught exception issue.
For Modicon M340, update or apply a fix to resolve the uncaught exception issue.
For Modicon Quantum, update or apply a fix to resolve the uncaught exception issue.
For Modicon Premium, update or apply a fix to resolve the uncaught exception issue.
As a temporary workaround, consider restricting access to the Modbus protocol to minimize the risk of exploitation.
Exploit
Fix
Improper Handling of Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Modicon M340
Modicon M580
Modicon Premium
Modicon Quantum