PT-2019-2335 · Schneider Electric · Modicon M580+3

Jared Rittle · Published 2019-05-14 · Updated 2022-02-03 · CVE-2019-6808

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Modicon M580 (affected versions not specified)
Modicon M340 (affected versions not specified)
Modicon Quantum (affected versions not specified)
Modicon Premium (affected versions not specified)

Description

A remote code execution issue exists due to improper access control, which could allow an attacker to overwrite configuration settings of the controller using the Modbus protocol. This could potentially lead to arbitrary code execution.

Recommendations

For Modicon M580, update the firmware to a version that addresses the improper access control issue.
For Modicon M340, restrict access to the Modbus protocol until a patch is available.
For Modicon Quantum, consider disabling remote configuration capabilities via Modbus as a temporary workaround.
For Modicon Premium, avoid using the Modbus protocol for configuration changes until the issue is resolved.
As a general mitigation measure, restrict access to the Modbus protocol to minimize the risk of exploitation.

Exploit

Fix

Missing Authentication

Improper Access Control


Weakness Enumeration

Related Identifiers

BDU:2019-02110
CVE-2019-6808

Affected Products

Modicon M340
Modicon M580
Modicon Premium
Modicon Quantum