PT-2019-3830 · Schneider Electric · Modicon Bmxcra+3

Published: 2019-10-08 · Updated: 2022-02-03 · CVE-2019-6842

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Modicon M580 (all firmware versions)
Modicon M340 (all firmware versions)
Modicon BMxCRA (all firmware versions)
140CRA (all firmware versions)

Description

A vulnerability exists in the Modicon controllers' firmware, related to the improper handling of exceptional conditions. This issue is associated with the lack of integrity check of the firmware update, which could allow a remote attacker to upload a firmware update with a missing web server image via the FTP protocol, resulting in a Denial of Service attack on the PLC.

Recommendations

For Modicon M580, consider disabling the FTP protocol until a patch is available.
For Modicon M340, restrict access to the firmware update module to minimize the risk of exploitation.
For Modicon BMxCRA, avoid using the firmware update feature with a missing web server image until the issue is resolved.
For 140CRA, as a temporary workaround, consider disabling the firmware update functionality until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Handling of Exceptional Conditions

Related identifiers

BDU:2019-04189
CVE-2019-6842

Affected products

140Cra
Modicon Bmxcra
Modicon M340
Modicon M580