Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2023-25620

Vulnerability from fkie_nvd - Published: 2023-04-19 09:15 - Updated: 2024-11-21 07:49

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user.

References

	URL	Tags
	cybersecurity@se.com	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf
	af854a3a-2127-422b-91ae-364da2661108	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	*
schneider-electric	modicon_m580	-
schneider-electric	modicon_m340_firmware	*
schneider-electric	modicon_m340	-
schneider-electric	modicon_momentum_unity_m1e_processor_firmware	*
schneider-electric	modicon_momentum_unity_m1e_processor	-
schneider-electric	modicon_mc80_firmware	*
schneider-electric	modicon_mc80	-
schneider-electric	140cpu65_firmware	*
schneider-electric	140cpu65	-
schneider-electric	tsxp57_firmware	*
schneider-electric	tsxp57	-
schneider-electric	bmep58s_firmware	*
schneider-electric	bmep58s	-
schneider-electric	bmeh58s_firmware	*
schneider-electric	bmeh58s	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4818276-B0D9-41F6-B8F6-C94B88F6E2A1",
              "versionEndExcluding": "4.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDBE606F-EE13-410F-839A-708EB480B3E3",
              "versionEndExcluding": "3.51",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_unity_m1e_processor_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C53AFB8E-0830-46BE-8BED-4BF61B354262",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_unity_m1e_processor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C0178B3-FC32-4473-A368-A614F6F55F98",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526DCF0E-C625-4114-80CB-AD79912104FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7A6BC87-E598-4DB6-AD19-5E836C1B6570",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12B6D628-61AA-4999-B71F-FF93182A035B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E9922C-D583-4820-9BAC-8D8CC31F482B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B20CF298-0E3F-4142-B7CF-791FA5E5545C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2161791-5948-4C6E-B0FC-8DC7686CD87A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmep58s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24D21387-44D7-49C3-A809-85AF4D221772",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmep58s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C1E042E-5DF3-4C78-95AC-114AB889A7E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmeh58s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10BD4983-0194-4499-A6F8-6FD123482F33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh58s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6CCDB6-CAFB-49CB-AB5B-EDDC13835F03",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\n\n\nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when a malicious project file is loaded onto the\ncontroller by an authenticated user. \n\n \n\n"
    }
  ],
  "id": "CVE-2023-25620",
  "lastModified": "2024-11-21T07:49:50.757",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-19T09:15:07.457",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-25619

Vulnerability from fkie_nvd - Published: 2023-04-19 08:15 - Updated: 2025-02-05 16:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.

References

	URL	Tags
	cybersecurity@se.com	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf
	af854a3a-2127-422b-91ae-364da2661108	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	*
schneider-electric	modicon_m580	-
schneider-electric	modicon_m340_firmware	*
schneider-electric	modicon_m340	-
schneider-electric	modicon_momentum_unity_m1e_processor_firmware	*
schneider-electric	modicon_momentum_unity_m1e_processor	-
schneider-electric	modicon_mc80_firmware	*
schneider-electric	modicon_mc80	-
schneider-electric	tsxp57_firmware	*
schneider-electric	tsxp57	-
schneider-electric	bmep58s_firmware	*
schneider-electric	bmep58s	-
schneider-electric	bmeh58s_firmware	*
schneider-electric	bmeh58s	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4818276-B0D9-41F6-B8F6-C94B88F6E2A1",
              "versionEndExcluding": "4.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDBE606F-EE13-410F-839A-708EB480B3E3",
              "versionEndExcluding": "3.51",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_momentum_unity_m1e_processor_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C53AFB8E-0830-46BE-8BED-4BF61B354262",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_momentum_unity_m1e_processor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C0178B3-FC32-4473-A368-A614F6F55F98",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_mc80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526DCF0E-C625-4114-80CB-AD79912104FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_mc80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7A6BC87-E598-4DB6-AD19-5E836C1B6570",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B20CF298-0E3F-4142-B7CF-791FA5E5545C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2161791-5948-4C6E-B0FC-8DC7686CD87A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmep58s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24D21387-44D7-49C3-A809-85AF4D221772",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmep58s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C1E042E-5DF3-4C78-95AC-114AB889A7E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmeh58s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10BD4983-0194-4499-A6F8-6FD123482F33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmeh58s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6CCDB6-CAFB-49CB-AB5B-EDDC13835F03",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when communicating over the Modbus TCP\nprotocol. \n\n"
    }
  ],
  "id": "CVE-2023-25619",
  "lastModified": "2025-02-05T16:15:35.453",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-04-19T08:15:07.997",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2020-7475

Vulnerability from fkie_nvd - Published: 2020-03-23 19:15 - Updated: 2024-11-21 05:37

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.

References

	URL	Tags
	cybersecurity@se.com	http://www.se.com/ww/en/download/document/SEVD-2020-080-01	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.se.com/ww/en/download/document/SEVD-2020-080-01	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	ecostruxure_control_expert	*
schneider-electric	unity_pro	*
schneider-electric	modicon_m340_firmware	*
schneider-electric	modicon_m340	-
schneider-electric	modicon_m580_firmware	*
schneider-electric	modicon_m580	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CBE98E7-30D6-422E-8FF2-5EFEEA473CDF",
              "versionEndIncluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:unity_pro:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51476F6C-7515-4DD4-8D3D-5E86C1EEFC06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "076769A2-52DE-4B81-A714-41B3F806B9C9",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B4D2FF-B0A3-4879-B006-2F64D93DB173",
              "versionEndExcluding": "3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller."
    },
    {
      "lang": "es",
      "value": "Una CWE-74: Una Neutralizaci\u00f3n Inapropiada de Elementos Especiales en la Salida Usada por un Componente Aguas Abajo (\"Inyection\"), una DLL reflexiva, la vulnerabilidad se presenta en EcoStruxure Control Expert (todas las versiones anteriores a 14.1 Hot Fix), Unity Pro (todas las versiones), Modicon M340 (todas las versiones anteriores a V3.20), Modicon M580 (todas las versiones anteriores a V3.10), que, si es explotada, podr\u00eda permitir a atacantes transferir c\u00f3digos maliciosos hacia el controlador."
    }
  ],
  "id": "CVE-2020-7475",
  "lastModified": "2024-11-21T05:37:13.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-23T19:15:12.413",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.se.com/ww/en/download/document/SEVD-2020-080-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.se.com/ww/en/download/document/SEVD-2020-080-01"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-6857

Vulnerability from fkie_nvd - Published: 2020-01-06 23:15 - Updated: 2024-11-21 04:47

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.

References

URL	Tags
cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2019-344-01	Vendor Advisory
cybersecurity@se.com	https://www.us-cert.gov/ics/advisories/icsa-20-016-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2019-344-01	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ics/advisories/icsa-20-016-01	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	*
schneider-electric	modicon_m580	-
schneider-electric	modicon_m340_firmware	*
schneider-electric	modicon_m340	-
schneider-electric	tsxh5744m_firmware	*
schneider-electric	tsxh5744m	-
schneider-electric	tsxh5724m_firmware	*
schneider-electric	tsxh5724m	-
schneider-electric	tsxp576634m_firmware	*
schneider-electric	tsxp576634m_	-
schneider-electric	tsxp57554m_firmware	*
schneider-electric	tsxp57554m	-
schneider-electric	tsxp575634m_firmware	*
schneider-electric	tsxp575634m	-
schneider-electric	tsxp57454m_firmware	*
schneider-electric	tsxp57454m	-
schneider-electric	tsxp574634m_firmware	*
schneider-electric	tsxp574634m	-
schneider-electric	tsxp57354m_firmware	*
schneider-electric	tsxp57354m	-
schneider-electric	tsxp573634m_firmware	*
schneider-electric	tsxp573634m	-
schneider-electric	tsxp57304m_firmware	*
schneider-electric	tsxp57304m	-
schneider-electric	tsxp57254m_firmware	*
schneider-electric	tsxp57254m	-
schneider-electric	tsxp572634m_firmware	*
schneider-electric	tsxp572634m	-
schneider-electric	tsxp57204m_firmware	*
schneider-electric	tsxp57204m_	-
schneider-electric	tsxp571634m_firmware	*
schneider-electric	tsxp571634m	-
schneider-electric	tsxp57154m_firmware	*
schneider-electric	tsxp57154m	-
schneider-electric	tsxp57104m_firmware	*
schneider-electric	tsxp57104m	-
schneider-electric	140cpu65150_firmware	*
schneider-electric	140cpu65150	-
schneider-electric	140cpu65160_firmware	*
schneider-electric	140cpu65160	-
schneider-electric	140cpu65260_firmware	*
schneider-electric	140cpu65260	-
schneider-electric	140cpu67261_firmware	*
schneider-electric	140cpu67261	-
schneider-electric	140cpu67060_firmware	*
schneider-electric	140cpu67060	-
schneider-electric	140cpu67160_firmware	*
schneider-electric	140cpu67160	-
schneider-electric	140cpu67261_firmware	*
schneider-electric	140cpu67261	-
schneider-electric	140cpu67260_firmware	*
schneider-electric	140cpu67260	-
schneider-electric	140cpu65860_firmware	*
schneider-electric	140cpu65860	-
schneider-electric	140cpu67861_firmware	*
schneider-electric	140cpu67861	-
schneider-electric	140cpu65160s_firmware	*
schneider-electric	140cpu65160s	-
schneider-electric	140cpu67160s_firmware	*
schneider-electric	140cpu67160s	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FDEB227-D50B-402C-9C11-E29F52BC10BB",
              "versionEndExcluding": "2.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "606AFE88-8C9A-4D18-9209-1193B628669F",
              "versionEndExcluding": "3.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxh5744m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F6FF401-ED15-45EE-9A84-171166BF4414",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxh5744m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B57B894-5AA4-4412-B425-7338CB2FFA3C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxh5724m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CD95A2-9FAE-4A7E-8331-8904C0E0CE3D",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxh5724m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F56BA4-6A19-44FB-8555-7360C77F83AF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp576634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5EEE1F8-0DCA-4D18-A022-5DBE980F3A16",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp576634m_:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F683564-419D-418B-A4D5-BB203F709DD7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57554m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED646076-2294-4253-92BF-B95D5D5E87A4",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57554m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5572E616-5D86-46FF-AEA7-4A12E66F0ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp575634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98B1574C-2FC7-4A3C-B260-D8372A268F4A",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp575634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BF89C2-27F8-4FF5-9E4F-4F0CB6C2F0E9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57454m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "853895C6-5EDF-4767-9653-F5F7826B4A7E",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57454m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC537593-1AB7-438E-AB71-EDB469A1DFF7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp574634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9FBA4C-DA99-4F22-9168-ECD281B090C3",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp574634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE60505D-0211-4E8C-B32C-988E25698B1E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57354m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7766E8-40EB-4C72-8234-C8D997F98F6C",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57354m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE46047-D9AF-4720-A130-A0F989423F82",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp573634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9246F10-84D1-4AE0-BF1A-B61EA1E965A2",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp573634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80500883-2825-46DD-8ED9-4F324A4494CC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57304m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "889586D3-B64F-42DA-8872-DD44C9790881",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57304m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5FDBAB3-C8C2-47F6-ACAA-B89BA53849B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57254m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6EBCADE-8F8C-402B-8FB6-62237168E788",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57254m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B75D71-11CA-4DDF-849A-08A9D84C95AC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp572634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E3F062-3874-4EB6-829B-285B428E982E",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp572634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA2094F4-976F-44FA-A7E5-93E20A80DA00",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57204m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43BE3D1E-5F7D-409F-A932-073D5A566180",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57204m_:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E25651C-E4B5-47A2-A6CE-79F7ECAE246E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp571634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1DEF9B5-6BC0-43A7-AD74-81F9D23BA843",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp571634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A5DCC8-9E3D-4919-9DE3-73FC8733E73D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57154m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E358F77-1F8F-4F2F-A54C-B5F2373EFEE6",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57154m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC8F0AB-C4A8-40B3-88E0-92F52EA05692",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57104m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56724F0C-2DA8-4710-9D82-EE51FA9B062C",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57104m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "587226C6-6BE2-4A42-B593-34498F647B24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C81EF48-8A20-48A4-9601-512800EC4770",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65160_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B71AB2E0-FE0C-4ABE-B443-2DE3C271909E",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C2AF70-F0BB-4D17-901C-1FCBECDC44FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65260_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE05725-46D0-4058-B5FB-743B3F353285",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7304B0-EE18-454B-B3F0-5EF387285D90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67261_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD28EA1B-C90C-4764-BAE4-CB3314C053E4",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67261:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "164AEEA1-666F-428A-BFCB-5DEEEFE1D771",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67060_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90499B24-178F-47E0-8B02-434B47C748EE",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67060:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AF2A7A3-89EF-480D-8E6E-20E11CF60A97",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67160_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41678F69-BE37-401E-ADD2-87B919767020",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3870E952-7A32-43DA-8C66-DE43C862639B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67261_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD28EA1B-C90C-4764-BAE4-CB3314C053E4",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67261:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "164AEEA1-666F-428A-BFCB-5DEEEFE1D771",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67260_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBA6F869-D33E-4510-A292-CB41BAB41129",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67260:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E4FCBA-4980-4C8F-A185-5E9C4CF9E8B5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDC8ABE1-DE6C-485D-9149-F09C5045B40C",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8230FD-0C0A-467C-9BAD-09257739D462",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67861_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED500E27-ADAC-467A-9D63-DFB073748525",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF97B5A6-960F-42BA-A397-09C819A3200C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65160s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7B10B14-841E-4F8B-94A2-6F0807ED53E9",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65160s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E48F27-F241-4491-AFF7-8BD562F21A52",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67160s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EBB9390-E2A9-4F52-A2C5-924C41C1886E",
              "versionEndExcluding": "3.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67160s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71C1C17A-9111-49B8-A2CE-3A2FB87616F1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP."
    },
    {
      "lang": "es",
      "value": "CWE-754: Hay una vulnerabilidad de Comprobaci\u00f3n Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (v\u00e9ase la notificaci\u00f3n de seguridad para versiones espec\u00edficas) que podr\u00eda causar una Denegaci\u00f3n de Servicio del controlador cuando se leen bloques de memoria espec\u00edficos usando Modbus TCP."
    }
  ],
  "id": "CVE-2019-6857",
  "lastModified": "2024-11-21T04:47:17.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-06T23:15:11.377",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
    },
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-6856

Vulnerability from fkie_nvd - Published: 2020-01-06 23:15 - Updated: 2024-11-21 04:47

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.

References

URL	Tags
cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2019-344-01	Vendor Advisory
cybersecurity@se.com	https://www.us-cert.gov/ics/advisories/icsa-20-016-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2019-344-01	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ics/advisories/icsa-20-016-01	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	*
schneider-electric	modicon_m580	-
schneider-electric	modicon_m340_firmware	*
schneider-electric	modicon_m340	-
schneider-electric	tsxh5744m_firmware	*
schneider-electric	tsxh5744m	-
schneider-electric	tsxh5724m_firmware	*
schneider-electric	tsxh5724m	-
schneider-electric	tsxp576634m_firmware	*
schneider-electric	tsxp576634m_	-
schneider-electric	tsxp57554m_firmware	*
schneider-electric	tsxp57554m	-
schneider-electric	tsxp575634m_firmware	*
schneider-electric	tsxp575634m	-
schneider-electric	tsxp57454m_firmware	*
schneider-electric	tsxp57454m	-
schneider-electric	tsxp574634m_firmware	*
schneider-electric	tsxp574634m	-
schneider-electric	tsxp57354m_firmware	*
schneider-electric	tsxp57354m	-
schneider-electric	tsxp573634m_firmware	*
schneider-electric	tsxp573634m	-
schneider-electric	tsxp57304m_firmware	*
schneider-electric	tsxp57304m	-
schneider-electric	tsxp57254m_firmware	*
schneider-electric	tsxp57254m	-
schneider-electric	tsxp572634m_firmware	*
schneider-electric	tsxp572634m	-
schneider-electric	tsxp57204m_firmware	*
schneider-electric	tsxp57204m_	-
schneider-electric	tsxp571634m_firmware	*
schneider-electric	tsxp571634m	-
schneider-electric	tsxp57154m_firmware	*
schneider-electric	tsxp57154m	-
schneider-electric	tsxp57104m_firmware	*
schneider-electric	tsxp57104m	-
schneider-electric	140cpu65150_firmware	*
schneider-electric	140cpu65150	-
schneider-electric	140cpu65160_firmware	*
schneider-electric	140cpu65160	-
schneider-electric	140cpu65260_firmware	*
schneider-electric	140cpu65260	-
schneider-electric	140cpu67261_firmware	*
schneider-electric	140cpu67261	-
schneider-electric	140cpu67060_firmware	*
schneider-electric	140cpu67060	-
schneider-electric	140cpu67160_firmware	*
schneider-electric	140cpu67160	-
schneider-electric	140cpu67261_firmware	*
schneider-electric	140cpu67261	-
schneider-electric	140cpu67260_firmware	*
schneider-electric	140cpu67260	-
schneider-electric	140cpu65860_firmware	*
schneider-electric	140cpu65860	-
schneider-electric	140cpu67861_firmware	*
schneider-electric	140cpu67861	-
schneider-electric	140cpu65160s_firmware	*
schneider-electric	140cpu65160s	-
schneider-electric	140cpu67160s_firmware	*
schneider-electric	140cpu67160s	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FDEB227-D50B-402C-9C11-E29F52BC10BB",
              "versionEndExcluding": "2.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "606AFE88-8C9A-4D18-9209-1193B628669F",
              "versionEndExcluding": "3.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxh5744m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F6FF401-ED15-45EE-9A84-171166BF4414",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxh5744m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B57B894-5AA4-4412-B425-7338CB2FFA3C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxh5724m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CD95A2-9FAE-4A7E-8331-8904C0E0CE3D",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxh5724m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F56BA4-6A19-44FB-8555-7360C77F83AF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp576634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5EEE1F8-0DCA-4D18-A022-5DBE980F3A16",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp576634m_:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F683564-419D-418B-A4D5-BB203F709DD7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57554m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED646076-2294-4253-92BF-B95D5D5E87A4",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57554m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5572E616-5D86-46FF-AEA7-4A12E66F0ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp575634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98B1574C-2FC7-4A3C-B260-D8372A268F4A",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp575634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BF89C2-27F8-4FF5-9E4F-4F0CB6C2F0E9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57454m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "853895C6-5EDF-4767-9653-F5F7826B4A7E",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57454m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC537593-1AB7-438E-AB71-EDB469A1DFF7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp574634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9FBA4C-DA99-4F22-9168-ECD281B090C3",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp574634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE60505D-0211-4E8C-B32C-988E25698B1E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57354m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7766E8-40EB-4C72-8234-C8D997F98F6C",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57354m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE46047-D9AF-4720-A130-A0F989423F82",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp573634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9246F10-84D1-4AE0-BF1A-B61EA1E965A2",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp573634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80500883-2825-46DD-8ED9-4F324A4494CC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57304m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "889586D3-B64F-42DA-8872-DD44C9790881",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57304m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5FDBAB3-C8C2-47F6-ACAA-B89BA53849B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57254m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6EBCADE-8F8C-402B-8FB6-62237168E788",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57254m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B75D71-11CA-4DDF-849A-08A9D84C95AC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp572634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E3F062-3874-4EB6-829B-285B428E982E",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp572634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA2094F4-976F-44FA-A7E5-93E20A80DA00",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57204m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43BE3D1E-5F7D-409F-A932-073D5A566180",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57204m_:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E25651C-E4B5-47A2-A6CE-79F7ECAE246E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp571634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1DEF9B5-6BC0-43A7-AD74-81F9D23BA843",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp571634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A5DCC8-9E3D-4919-9DE3-73FC8733E73D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57154m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E358F77-1F8F-4F2F-A54C-B5F2373EFEE6",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57154m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC8F0AB-C4A8-40B3-88E0-92F52EA05692",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57104m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56724F0C-2DA8-4710-9D82-EE51FA9B062C",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57104m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "587226C6-6BE2-4A42-B593-34498F647B24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C6F04E-FEF7-4DA4-A819-7E4C3DA173F9",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65160_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9552C20-F295-4AB7-A44E-FB1072BAD1B3",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C2AF70-F0BB-4D17-901C-1FCBECDC44FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65260_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BB8ACFC-C693-4C5A-B256-51FF0835FD69",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7304B0-EE18-454B-B3F0-5EF387285D90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67261_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "370F0F62-AA12-496B-8107-EEC24B070621",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67261:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "164AEEA1-666F-428A-BFCB-5DEEEFE1D771",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67060_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06F31148-8213-4B01-AA48-D9D7C515E38A",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67060:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AF2A7A3-89EF-480D-8E6E-20E11CF60A97",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67160_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6E3B57D-062A-431D-B96F-28463DE757DF",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3870E952-7A32-43DA-8C66-DE43C862639B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67261_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "370F0F62-AA12-496B-8107-EEC24B070621",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67261:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "164AEEA1-666F-428A-BFCB-5DEEEFE1D771",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67260_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "108BA75E-B7B4-4A51-9DB8-B928154DD51A",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67260:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E4FCBA-4980-4C8F-A185-5E9C4CF9E8B5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4D81FBC-7C66-4367-8A0F-7F96C09A56A4",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8230FD-0C0A-467C-9BAD-09257739D462",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67861_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4419CB2D-AABC-4F77-9C75-42ABA62CBA6B",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF97B5A6-960F-42BA-A397-09C819A3200C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65160s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D793BE48-1025-4C6C-8E7D-82E013DDDE5D",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65160s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E48F27-F241-4491-AFF7-8BD562F21A52",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67160s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41654852-0E58-46CC-A734-F59FE9B83990",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67160s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71C1C17A-9111-49B8-A2CE-3A2FB87616F1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP."
    },
    {
      "lang": "es",
      "value": "CWE-754: existe una vulnerabilidad de Comprobaci\u00f3n Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (v\u00e9ase la notificaci\u00f3n de seguridad para versiones espec\u00edficas) que podr\u00eda causar una Denegaci\u00f3n de Servicio cuando se escriben bloques de memoria f\u00edsica espec\u00edficos usando Modbus TCP."
    }
  ],
  "id": "CVE-2019-6856",
  "lastModified": "2024-11-21T04:47:17.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-06T23:15:11.317",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
    },
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2018-7794

Vulnerability from fkie_nvd - Published: 2020-01-06 23:15 - Updated: 2024-11-21 04:12

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.

References

	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2019-344-01	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2019-344-01	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	*
schneider-electric	modicon_m580	-
schneider-electric	modicon_m340_firmware	*
schneider-electric	modicon_m340	-
schneider-electric	tsxh5744m_firmware	*
schneider-electric	tsxh5744m	-
schneider-electric	tsxh5724m_firmware	*
schneider-electric	tsxh5724m	-
schneider-electric	tsxp576634m_firmware	*
schneider-electric	tsxp576634m	-
schneider-electric	tsxp57554m_firmware	*
schneider-electric	tsxp57554m	-
schneider-electric	tsxp575634m_firmware	*
schneider-electric	tsxp575634m	-
schneider-electric	tsxp57454m_firmware	*
schneider-electric	tsxp57454m	-
schneider-electric	tsxp574634m_firmware	*
schneider-electric	tsxp574634m	-
schneider-electric	tsxp57354m_firmware	*
schneider-electric	tsxp57354m	-
schneider-electric	tsxp573634m_firmware	*
schneider-electric	tsxp573634m	-
schneider-electric	tsxp57304m_firmware	*
schneider-electric	tsxp57304m	-
schneider-electric	tsxp57254m_firmware	*
schneider-electric	tsxp57254m	-
schneider-electric	tsxp572634m_firmware	*
schneider-electric	tsxp572634m	-
schneider-electric	tsxp57204m_firmware	*
schneider-electric	tsxp57204m_	-
schneider-electric	tsxp571634m_firmware	*
schneider-electric	tsxp571634m	-
schneider-electric	tsxp57154m_firmware	*
schneider-electric	tsxp57154m	-
schneider-electric	tsxp57104m_firmware	*
schneider-electric	tsxp57104m	-
schneider-electric	140cpu65150_firmware	*
schneider-electric	140cpu65150	-
schneider-electric	140cpu65160_firmware	*
schneider-electric	140cpu65160	-
schneider-electric	140cpu65260_firmware	*
schneider-electric	140cpu65260	-
schneider-electric	140cpu67261_firmware	*
schneider-electric	140cpu67261	-
schneider-electric	140cpu67060_firmware	*
schneider-electric	140cpu67060	-
schneider-electric	140cpu67160_firmware	*
schneider-electric	140cpu67160	-
schneider-electric	140cpu67261_firmware	*
schneider-electric	140cpu67261	-
schneider-electric	140cpu67260_firmware	*
schneider-electric	140cpu67260	-
schneider-electric	140cpu65860_firmware	*
schneider-electric	140cpu65860	-
schneider-electric	140cpu67861_firmware	*
schneider-electric	140cpu67861	-
schneider-electric	140cpu65160s_firmware	*
schneider-electric	140cpu65160s	-
schneider-electric	140cpu67160s_firmware	*
schneider-electric	140cpu67160s	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FDEB227-D50B-402C-9C11-E29F52BC10BB",
              "versionEndExcluding": "2.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "606AFE88-8C9A-4D18-9209-1193B628669F",
              "versionEndExcluding": "3.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxh5744m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F6FF401-ED15-45EE-9A84-171166BF4414",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxh5744m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B57B894-5AA4-4412-B425-7338CB2FFA3C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxh5724m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CD95A2-9FAE-4A7E-8331-8904C0E0CE3D",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxh5724m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F56BA4-6A19-44FB-8555-7360C77F83AF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp576634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5EEE1F8-0DCA-4D18-A022-5DBE980F3A16",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp576634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71146321-B31B-4C5B-A600-2E414D84916E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57554m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED646076-2294-4253-92BF-B95D5D5E87A4",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57554m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5572E616-5D86-46FF-AEA7-4A12E66F0ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp575634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98B1574C-2FC7-4A3C-B260-D8372A268F4A",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp575634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BF89C2-27F8-4FF5-9E4F-4F0CB6C2F0E9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57454m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "853895C6-5EDF-4767-9653-F5F7826B4A7E",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57454m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC537593-1AB7-438E-AB71-EDB469A1DFF7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp574634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9FBA4C-DA99-4F22-9168-ECD281B090C3",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp574634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE60505D-0211-4E8C-B32C-988E25698B1E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57354m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7766E8-40EB-4C72-8234-C8D997F98F6C",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57354m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE46047-D9AF-4720-A130-A0F989423F82",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp573634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9246F10-84D1-4AE0-BF1A-B61EA1E965A2",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp573634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80500883-2825-46DD-8ED9-4F324A4494CC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57304m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "889586D3-B64F-42DA-8872-DD44C9790881",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57304m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5FDBAB3-C8C2-47F6-ACAA-B89BA53849B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57254m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6EBCADE-8F8C-402B-8FB6-62237168E788",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57254m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B75D71-11CA-4DDF-849A-08A9D84C95AC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp572634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E3F062-3874-4EB6-829B-285B428E982E",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp572634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA2094F4-976F-44FA-A7E5-93E20A80DA00",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57204m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43BE3D1E-5F7D-409F-A932-073D5A566180",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57204m_:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E25651C-E4B5-47A2-A6CE-79F7ECAE246E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp571634m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1DEF9B5-6BC0-43A7-AD74-81F9D23BA843",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp571634m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A5DCC8-9E3D-4919-9DE3-73FC8733E73D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57154m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E358F77-1F8F-4F2F-A54C-B5F2373EFEE6",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57154m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC8F0AB-C4A8-40B3-88E0-92F52EA05692",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxp57104m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56724F0C-2DA8-4710-9D82-EE51FA9B062C",
              "versionEndExcluding": "3.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxp57104m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "587226C6-6BE2-4A42-B593-34498F647B24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C6F04E-FEF7-4DA4-A819-7E4C3DA173F9",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65160_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9552C20-F295-4AB7-A44E-FB1072BAD1B3",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C2AF70-F0BB-4D17-901C-1FCBECDC44FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65260_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BB8ACFC-C693-4C5A-B256-51FF0835FD69",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7304B0-EE18-454B-B3F0-5EF387285D90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67261_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "370F0F62-AA12-496B-8107-EEC24B070621",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67261:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "164AEEA1-666F-428A-BFCB-5DEEEFE1D771",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67060_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06F31148-8213-4B01-AA48-D9D7C515E38A",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67060:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AF2A7A3-89EF-480D-8E6E-20E11CF60A97",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67160_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6E3B57D-062A-431D-B96F-28463DE757DF",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67160:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3870E952-7A32-43DA-8C66-DE43C862639B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67261_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "370F0F62-AA12-496B-8107-EEC24B070621",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67261:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "164AEEA1-666F-428A-BFCB-5DEEEFE1D771",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67260_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "108BA75E-B7B4-4A51-9DB8-B928154DD51A",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67260:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E4FCBA-4980-4C8F-A185-5E9C4CF9E8B5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4D81FBC-7C66-4367-8A0F-7F96C09A56A4",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8230FD-0C0A-467C-9BAD-09257739D462",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67861_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4419CB2D-AABC-4F77-9C75-42ABA62CBA6B",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF97B5A6-960F-42BA-A397-09C819A3200C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu65160s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D793BE48-1025-4C6C-8E7D-82E013DDDE5D",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu65160s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E48F27-F241-4491-AFF7-8BD562F21A52",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140cpu67160s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41654852-0E58-46CC-A734-F59FE9B83990",
              "versionEndExcluding": "3.52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140cpu67160s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71C1C17A-9111-49B8-A2CE-3A2FB87616F1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP."
    },
    {
      "lang": "es",
      "value": "CWE-754: Existe una vulnerabilidad de Comprobaci\u00f3n Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (v\u00e9ase la notificaci\u00f3n de seguridad para versiones espec\u00edficas) que podr\u00eda causar una Denegaci\u00f3n de Servicio cuando se leen datos con \u00edndice no v\u00e1lido usando Modbus TCP."
    }
  ],
  "id": "CVE-2018-7794",
  "lastModified": "2024-11-21T04:12:44.850",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-06T23:15:10.893",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-6850

Vulnerability from fkie_nvd - Published: 2019-10-29 19:15 - Updated: 2024-11-21 04:47

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module.

References

	URL	Tags
	cybersecurity@se.com	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	-
schneider-electric	modicon_m580	-
schneider-electric	modicon_bmenoc_0311_firmware	-
schneider-electric	modicon_bmenoc_0311	-
schneider-electric	modicon_bmenoc_0321_firmware	-
schneider-electric	modicon_bmenoc_0321	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21CD1BE7-A4EC-4F24-AF27-18FE74D3B3D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_bmenoc_0311_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "198E2FA8-C256-488A-B708-94FA10715459",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_bmenoc_0311:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9765691-FAFF-4187-A162-FCE25720C181",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_bmenoc_0321_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB1E46D-5A3F-4757-9147-465A63C12B61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_bmenoc_0321:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F92B09-1AF6-4EE5-BD09-2441B66F51C5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module."
    },
    {
      "lang": "es",
      "value": "Una CWE-200: Existe una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en Modicon M580, Modicon BMENOC 0311 y Modicon BMENOC 0321, lo que podr\u00eda causar la divulgaci\u00f3n de informaci\u00f3n confidencial cuando se leen registros espec\u00edficos con la API REST del m\u00f3dulo controlador y de comunicaci\u00f3n."
    }
  ],
  "id": "CVE-2019-6850",
  "lastModified": "2024-11-21T04:47:16.667",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:22.487",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-6848

Vulnerability from fkie_nvd - Published: 2019-10-29 19:15 - Updated: 2024-11-21 04:47

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module.

References

	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2019-281-04/
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2019-281-04/

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	-
schneider-electric	modicon_m580	-
schneider-electric	modicon_bmenoc_0311_firmware	-
schneider-electric	modicon_bmenoc_0311	-
schneider-electric	modicon_bmenoc_0321_firmware	-
schneider-electric	modicon_bmenoc_0321	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21CD1BE7-A4EC-4F24-AF27-18FE74D3B3D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_bmenoc_0311_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "198E2FA8-C256-488A-B708-94FA10715459",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_bmenoc_0311:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9765691-FAFF-4187-A162-FCE25720C181",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_bmenoc_0321_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB1E46D-5A3F-4757-9147-465A63C12B61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_bmenoc_0321:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F92B09-1AF6-4EE5-BD09-2441B66F51C5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad CWE-755: Manejo inadecuado de condiciones excepcionales en la CPU Modicon M580 (BMEx58*) y en el m\u00f3dulo de comunicaci\u00f3n Modicon M580 (BMENOC0311, BMENOC0321) (consulte la notificaci\u00f3n para obtener informaci\u00f3n sobre la versi\u00f3n), que podr\u00eda provocar un ataque de denegaci\u00f3n de servicio en el PLC al enviar datos espec\u00edficos en la API REST del controlador/m\u00f3dulo de comunicaci\u00f3n"
    }
  ],
  "id": "CVE-2019-6848",
  "lastModified": "2024-11-21T04:47:16.447",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:22.330",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-6847

Vulnerability from fkie_nvd - Published: 2019-10-29 19:15 - Updated: 2024-11-21 04:47

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol.

References

	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2019-281-02/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2019-281-02/	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	*
schneider-electric	modicon_m580	-
schneider-electric	modicon_m340_firmware	*
schneider-electric	modicon_m340	-
schneider-electric	modicon_bmxcra_firmware	*
schneider-electric	modicon_bmxcra	-
schneider-electric	modicon_140cra_firmware	*
schneider-electric	modicon_140cra	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_bmxcra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E41AAB-05A3-43A4-B97A-34F265E25F40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_bmxcra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F80F2F1C-F681-4498-942E-31EDA9CF79F8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_140cra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76F5D4B2-1C0A-45E8-993C-DBBA4F745345",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_140cra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94575CFC-1395-4BB4-8D4F-AA41F7068A26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad CWE-755: Manejo inadecuado de condiciones excepcionales en los m\u00f3dulos Modicon M580, Modicon M340, Modicon BMxCRA y 140CRA (todas las versiones de firmware), que podr\u00eda causar un ataque de denegaci\u00f3n de servicio en el servicio FTP al actualizar el firmware con una versi\u00f3n incompatible con la aplicaci\u00f3n en el controlador utilizando el protocolo FTP"
    }
  ],
  "id": "CVE-2019-6847",
  "lastModified": "2024-11-21T04:47:16.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:22.267",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-02/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-02/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-6846

Vulnerability from fkie_nvd - Published: 2019-10-29 19:15 - Updated: 2024-11-21 04:47

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.

References

	URL	Tags
	cybersecurity@se.com	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	*
schneider-electric	modicon_m580	-
schneider-electric	modicon_m340_firmware	*
schneider-electric	modicon_m340	-
schneider-electric	modicon_bmxcra_firmware	*
schneider-electric	modicon_bmxcra	-
schneider-electric	modicon_140cra_firmware	*
schneider-electric	modicon_140cra	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_bmxcra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E41AAB-05A3-43A4-B97A-34F265E25F40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_bmxcra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F80F2F1C-F681-4498-942E-31EDA9CF79F8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_140cra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76F5D4B2-1C0A-45E8-993C-DBBA4F745345",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_140cra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94575CFC-1395-4BB4-8D4F-AA41F7068A26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol."
    },
    {
      "lang": "es",
      "value": "Una CWE-319: Existe una vulnerabilidad de Transmisi\u00f3n de Texto Sin Cifrar de Informaci\u00f3n Confidencial en Modicon M580, Modicon M340, Modicon BMxCRA y los m\u00f3dulos 140CRA (todas las versiones de firmware), que podr\u00edan causar una divulgaci\u00f3n de informaci\u00f3n cuando se utiliza el protocolo FTP."
    }
  ],
  "id": "CVE-2019-6846",
  "lastModified": "2024-11-21T04:47:16.200",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:22.187",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-6851

Vulnerability from fkie_nvd - Published: 2019-10-29 19:15 - Updated: 2024-11-21 04:47

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.

References

	URL	Tags
	cybersecurity@se.com	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	*
schneider-electric	modicon_m580	-
schneider-electric	modicon_m340_firmware	*
schneider-electric	modicon_m340	-
schneider-electric	tsxmcpc002m_firmware	*
schneider-electric	tsxmcpc002m	-
schneider-electric	tsxmcpc512k_firmware	*
schneider-electric	tsxmcpc512k	-
schneider-electric	tsxmfpp001m_firmware	*
schneider-electric	tsxmfpp001m	-
schneider-electric	tsxmfpp002m_firmware	*
schneider-electric	tsxmfpp002m	-
schneider-electric	tsxmfpp004m_firmware	*
schneider-electric	tsxmfpp004m	-
schneider-electric	tsxmfpp512k_firmware	*
schneider-electric	tsxmfpp512k	-
schneider-electric	tsxmrpc001m_firmware	*
schneider-electric	tsxmrpc001m	-
schneider-electric	tsxmrpc002m_firmware	*
schneider-electric	tsxmrpc002m	-
schneider-electric	tsxmrpc003m_firmware	*
schneider-electric	tsxmrpc003m	-
schneider-electric	tsxmrpc007m_firmware	*
schneider-electric	tsxmrpc007m	-
schneider-electric	tsxmrpc01m7_firmware	*
schneider-electric	tsxmrpc01m7	-
schneider-electric	tsxmrpc768k_firmware	*
schneider-electric	tsxmrpc768k	-
schneider-electric	tsxmrpf004m_firmware	*
schneider-electric	tsxmrpf004m	-
schneider-electric	tsxmrpf008m_firmware	*
schneider-electric	tsxmrpf008m	-
schneider-electric	tsxmcpc002m_firmware	*
schneider-electric	tsxmcpc002m	-
schneider-electric	tsxmcpc512k_firmware	*
schneider-electric	tsxmcpc512k	-
schneider-electric	tsxmfp0128p2_firmware	*
schneider-electric	tsxmfp0128p2	-
schneider-electric	tsxmfp064p2_firmware	*
schneider-electric	tsxmfp064p2	-
schneider-electric	tsxmfpp001m_firmware	*
schneider-electric	tsxmfpp001m	-
schneider-electric	tsxmfpp002m_firmware	*
schneider-electric	tsxmfpp002m	-
schneider-electric	tsxmfpp004m_firmware	*
schneider-electric	tsxmfpp004m	-
schneider-electric	tsxmfpp224k_firmware	*
schneider-electric	tsxmfpp224k	-
schneider-electric	tsxmfpp384k_firmware	*
schneider-electric	tsxmfpp384k	-
schneider-electric	tsxmfpp512k_firmware	*
schneider-electric	tsxmfpp512k	-
schneider-electric	tsxmrpc001m_firmware	*
schneider-electric	tsxmrpc001m	-
schneider-electric	tsxmrpc002m_firmware	*
schneider-electric	tsxmrpc002m	-
schneider-electric	tsxmrpc003m_firmware	*
schneider-electric	tsxmrpc003m	-
schneider-electric	tsxmrpc007m_firmware	*
schneider-electric	tsxmrpc007m	-
schneider-electric	tsxmrpc01m7_firmware	*
schneider-electric	tsxmrpc01m7	-
schneider-electric	tsxmrpc448k_firmware	*
schneider-electric	tsxmrpc448k	-
schneider-electric	tsxmrpc768k_firmware	*
schneider-electric	tsxmrpc768k	-
schneider-electric	tsxmrpf004m_firmware	*
schneider-electric	tsxmrpf004m	-
schneider-electric	tsxmrpf008m_firmware	*
schneider-electric	tsxmrpf008m	-
schneider-electric	tsxmrpp224k_firmware	*
schneider-electric	tsxmrpp224k	-
schneider-electric	tsxmrpp384k_firmware	*
schneider-electric	tsxmrpp384k	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmcpc002m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "301352E1-734A-4146-B3A7-DC67E5A5DE4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmcpc002m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AECCE4B-89AF-457A-AF7C-38A21CB27AC4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmcpc512k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA72967-68F7-4DB6-BCA5-C05A10475A3B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmcpc512k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA0DE12C-DDC7-418B-9D62-AF0BF8320810",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp001m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A45435-BE2E-4F3E-926F-B38209065326",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp001m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79E71DD-7F2D-4AF9-BA89-844C8D7A1303",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp002m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB7DA4CC-D16E-49C0-9297-C44ADDA3C457",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp002m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB8DBAAD-F0D3-48B0-8741-C26395581EF7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp004m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F0ECE5-F3C2-4C91-B43C-AA2D14AE1261",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp004m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A348410-7EBF-4C5F-BDCD-C61591D5949A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp512k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1E91A3-0724-43C7-85D9-5BA53578F3E0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp512k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "103F2879-3237-4B4C-8DDF-12AFFD7A4E9D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc001m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "856AE9FF-BCC0-408A-9755-07AD3E9384A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc001m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE67123F-BC48-4959-806C-635366739C3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc002m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D854FCA-1379-4447-992B-901A6F6E7659",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc002m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB05C3C-CC9B-4EA3-BA57-EF81674871ED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc003m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E5C0243-85DE-42A1-8477-579D7EF41C42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc003m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A45ED40-D99F-4EAD-A791-BC0AE48922C4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc007m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3774E012-BC3A-4FA6-82EE-B34921D35379",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc007m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19120A7F-C591-4369-B6C6-997B4762AF51",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc01m7_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B34C814-9CF5-44D6-85E3-C23CB119BC52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc01m7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C23B45-A8E6-46C1-8E8A-20AADAD60CF7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc768k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A115266-912E-4C1C-8493-806755481B7E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc768k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC774858-FC2A-4106-915B-D70ADD402A02",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpf004m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "076CA818-CE2B-4B6F-9B48-2BD1F24027A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpf004m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "268A8629-61EE-43A6-8486-AE18CB0CCB26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpf008m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D0B5F7-B355-4341-AEF8-2B8B0E7E930E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpf008m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33BC0F8-F9E0-4E31-84A4-6A36E9773E71",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmcpc002m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "301352E1-734A-4146-B3A7-DC67E5A5DE4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmcpc002m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AECCE4B-89AF-457A-AF7C-38A21CB27AC4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmcpc512k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA72967-68F7-4DB6-BCA5-C05A10475A3B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmcpc512k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA0DE12C-DDC7-418B-9D62-AF0BF8320810",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfp0128p2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F120930-40B2-4AFA-9526-BCD3A184653E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfp0128p2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "319EE89F-82EF-4D4B-8951-9E2A743D0A73",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfp064p2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB58BD2-522C-4435-AAB3-C0B6B3437C17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfp064p2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "01C2B246-85A0-401F-BE6E-EF0123353582",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp001m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A45435-BE2E-4F3E-926F-B38209065326",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp001m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79E71DD-7F2D-4AF9-BA89-844C8D7A1303",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp002m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB7DA4CC-D16E-49C0-9297-C44ADDA3C457",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp002m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB8DBAAD-F0D3-48B0-8741-C26395581EF7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp004m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F0ECE5-F3C2-4C91-B43C-AA2D14AE1261",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp004m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A348410-7EBF-4C5F-BDCD-C61591D5949A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp224k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C1B1586-BBAC-4794-B9C8-163BA77BEFDA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp224k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E0096FF-28C9-4BFB-B295-5BD991C2E376",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp384k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "322D1433-F3A7-48B4-8333-44ACE7B51782",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp384k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB7F7E5-60EA-446F-97D2-4FD8E84CF8A0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp512k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1E91A3-0724-43C7-85D9-5BA53578F3E0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp512k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "103F2879-3237-4B4C-8DDF-12AFFD7A4E9D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc001m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "856AE9FF-BCC0-408A-9755-07AD3E9384A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc001m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE67123F-BC48-4959-806C-635366739C3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc002m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D854FCA-1379-4447-992B-901A6F6E7659",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc002m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB05C3C-CC9B-4EA3-BA57-EF81674871ED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc003m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E5C0243-85DE-42A1-8477-579D7EF41C42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc003m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A45ED40-D99F-4EAD-A791-BC0AE48922C4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc007m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3774E012-BC3A-4FA6-82EE-B34921D35379",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc007m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19120A7F-C591-4369-B6C6-997B4762AF51",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc01m7_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B34C814-9CF5-44D6-85E3-C23CB119BC52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc01m7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C23B45-A8E6-46C1-8E8A-20AADAD60CF7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc448k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0CFB281-8648-46CF-8F2F-9A58E82C5981",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc448k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D768A563-B74F-4A12-B590-7367BFCA06FA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc768k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A115266-912E-4C1C-8493-806755481B7E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc768k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC774858-FC2A-4106-915B-D70ADD402A02",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpf004m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "076CA818-CE2B-4B6F-9B48-2BD1F24027A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpf004m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "268A8629-61EE-43A6-8486-AE18CB0CCB26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpf008m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D0B5F7-B355-4341-AEF8-2B8B0E7E930E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpf008m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33BC0F8-F9E0-4E31-84A4-6A36E9773E71",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpp224k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C62715-92C9-47F0-9A64-1A369EC595FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpp224k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF5CED48-588F-4A62-9429-4583087299F5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpp384k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B8D0BFD-FF72-4097-BFA7-437129932DF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpp384k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AE9429A-8797-4D10-99DE-8AC9449B8255",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol."
    },
    {
      "lang": "es",
      "value": "CWE-538: Hay una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n de Archivos y Directorios en Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (todas las versiones de firmware), lo que podr\u00eda causar una divulgaci\u00f3n de informaci\u00f3n del controlador cuando se usa el protocolo TFTP."
    }
  ],
  "id": "CVE-2019-6851",
  "lastModified": "2024-11-21T04:47:16.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:22.563",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-538"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-6844

Vulnerability from fkie_nvd - Published: 2019-10-29 19:15 - Updated: 2024-11-21 04:47

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol.

References

	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2019-281-02/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2019-281-02/	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	*
schneider-electric	modicon_m580	-
schneider-electric	modicon_m340_firmware	*
schneider-electric	modicon_m340	-
schneider-electric	modicon_bmxcra_firmware	*
schneider-electric	modicon_bmxcra	-
schneider-electric	modicon_140cra_firmware	*
schneider-electric	modicon_140cra	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_bmxcra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E41AAB-05A3-43A4-B97A-34F265E25F40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_bmxcra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F80F2F1C-F681-4498-942E-31EDA9CF79F8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_140cra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76F5D4B2-1C0A-45E8-993C-DBBA4F745345",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_140cra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94575CFC-1395-4BB4-8D4F-AA41F7068A26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad CWE-755: Manejo inadecuado de condiciones excepcionales en Modicon M580, Modicon M340, Modicon BMxCRA y los m\u00f3dulos 140CRA (todas las versiones de firmware), lo que podr\u00eda causar un ataque de Denegaci\u00f3n de Servicio en el PLC cuando se actualiza el controlador con un paquete de firmware que contiene una imagen del servidor web no v\u00e1lida usando el protocolo FTP"
    }
  ],
  "id": "CVE-2019-6844",
  "lastModified": "2024-11-21T04:47:15.937",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:22.047",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-02/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-02/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-6845

Vulnerability from fkie_nvd - Published: 2019-10-29 19:15 - Updated: 2024-11-21 04:47

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol.

References

	URL	Tags
	cybersecurity@se.com	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	*
schneider-electric	modicon_m580	-
schneider-electric	modicon_m340_firmware	*
schneider-electric	modicon_m340	-
schneider-electric	tsxmcpc002m_firmware	*
schneider-electric	tsxmcpc002m	-
schneider-electric	tsxmcpc512k_firmware	*
schneider-electric	tsxmcpc512k	-
schneider-electric	tsxmfpp001m_firmware	*
schneider-electric	tsxmfpp001m	-
schneider-electric	tsxmfpp002m_firmware	*
schneider-electric	tsxmfpp002m	-
schneider-electric	tsxmfpp004m_firmware	*
schneider-electric	tsxmfpp004m	-
schneider-electric	tsxmfpp512k_firmware	*
schneider-electric	tsxmfpp512k	-
schneider-electric	tsxmrpc001m_firmware	*
schneider-electric	tsxmrpc001m	-
schneider-electric	tsxmrpc002m_firmware	*
schneider-electric	tsxmrpc002m	-
schneider-electric	tsxmrpc003m_firmware	*
schneider-electric	tsxmrpc003m	-
schneider-electric	tsxmrpc007m_firmware	*
schneider-electric	tsxmrpc007m	-
schneider-electric	tsxmrpc01m7_firmware	*
schneider-electric	tsxmrpc01m7	-
schneider-electric	tsxmrpc768k_firmware	*
schneider-electric	tsxmrpc768k	-
schneider-electric	tsxmrpf004m_firmware	*
schneider-electric	tsxmrpf004m	-
schneider-electric	tsxmrpf008m_firmware	*
schneider-electric	tsxmrpf008m	-
schneider-electric	tsxmcpc002m_firmware	*
schneider-electric	tsxmcpc002m	-
schneider-electric	tsxmcpc512k_firmware	*
schneider-electric	tsxmcpc512k	-
schneider-electric	tsxmfp0128p2_firmware	*
schneider-electric	tsxmfp0128p2	-
schneider-electric	tsxmfp064p2_firmware	*
schneider-electric	tsxmfp064p2	-
schneider-electric	tsxmfpp001m_firmware	*
schneider-electric	tsxmfpp001m	-
schneider-electric	tsxmfpp002m_firmware	*
schneider-electric	tsxmfpp002m	-
schneider-electric	tsxmfpp004m_firmware	*
schneider-electric	tsxmfpp004m	-
schneider-electric	tsxmfpp224k_firmware	*
schneider-electric	tsxmfpp224k	-
schneider-electric	tsxmfpp384k_firmware	*
schneider-electric	tsxmfpp384k	-
schneider-electric	tsxmfpp512k_firmware	*
schneider-electric	tsxmfpp512k	-
schneider-electric	tsxmrpc001m_firmware	*
schneider-electric	tsxmrpc001m	-
schneider-electric	tsxmrpc002m_firmware	*
schneider-electric	tsxmrpc002m	-
schneider-electric	tsxmrpc003m_firmware	*
schneider-electric	tsxmrpc003m	-
schneider-electric	tsxmrpc007m_firmware	*
schneider-electric	tsxmrpc007m	-
schneider-electric	tsxmrpc01m7_firmware	*
schneider-electric	tsxmrpc01m7	-
schneider-electric	tsxmrpc448k_firmware	*
schneider-electric	tsxmrpc448k	-
schneider-electric	tsxmrpc768k_firmware	*
schneider-electric	tsxmrpc768k	-
schneider-electric	tsxmrpf004m_firmware	*
schneider-electric	tsxmrpf004m	-
schneider-electric	tsxmrpf008m_firmware	*
schneider-electric	tsxmrpf008m	-
schneider-electric	tsxmrpp224k_firmware	*
schneider-electric	tsxmrpp224k	-
schneider-electric	tsxmrpp384k_firmware	*
schneider-electric	tsxmrpp384k	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmcpc002m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "301352E1-734A-4146-B3A7-DC67E5A5DE4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmcpc002m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AECCE4B-89AF-457A-AF7C-38A21CB27AC4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmcpc512k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA72967-68F7-4DB6-BCA5-C05A10475A3B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmcpc512k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA0DE12C-DDC7-418B-9D62-AF0BF8320810",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp001m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A45435-BE2E-4F3E-926F-B38209065326",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp001m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79E71DD-7F2D-4AF9-BA89-844C8D7A1303",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp002m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB7DA4CC-D16E-49C0-9297-C44ADDA3C457",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp002m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB8DBAAD-F0D3-48B0-8741-C26395581EF7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp004m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F0ECE5-F3C2-4C91-B43C-AA2D14AE1261",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp004m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A348410-7EBF-4C5F-BDCD-C61591D5949A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp512k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1E91A3-0724-43C7-85D9-5BA53578F3E0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp512k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "103F2879-3237-4B4C-8DDF-12AFFD7A4E9D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc001m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "856AE9FF-BCC0-408A-9755-07AD3E9384A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc001m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE67123F-BC48-4959-806C-635366739C3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc002m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D854FCA-1379-4447-992B-901A6F6E7659",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc002m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB05C3C-CC9B-4EA3-BA57-EF81674871ED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc003m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E5C0243-85DE-42A1-8477-579D7EF41C42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc003m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A45ED40-D99F-4EAD-A791-BC0AE48922C4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc007m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3774E012-BC3A-4FA6-82EE-B34921D35379",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc007m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19120A7F-C591-4369-B6C6-997B4762AF51",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc01m7_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B34C814-9CF5-44D6-85E3-C23CB119BC52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc01m7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C23B45-A8E6-46C1-8E8A-20AADAD60CF7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc768k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A115266-912E-4C1C-8493-806755481B7E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc768k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC774858-FC2A-4106-915B-D70ADD402A02",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpf004m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "076CA818-CE2B-4B6F-9B48-2BD1F24027A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpf004m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "268A8629-61EE-43A6-8486-AE18CB0CCB26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpf008m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D0B5F7-B355-4341-AEF8-2B8B0E7E930E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpf008m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33BC0F8-F9E0-4E31-84A4-6A36E9773E71",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmcpc002m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "301352E1-734A-4146-B3A7-DC67E5A5DE4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmcpc002m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AECCE4B-89AF-457A-AF7C-38A21CB27AC4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmcpc512k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA72967-68F7-4DB6-BCA5-C05A10475A3B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmcpc512k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA0DE12C-DDC7-418B-9D62-AF0BF8320810",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfp0128p2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F120930-40B2-4AFA-9526-BCD3A184653E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfp0128p2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "319EE89F-82EF-4D4B-8951-9E2A743D0A73",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfp064p2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB58BD2-522C-4435-AAB3-C0B6B3437C17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfp064p2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "01C2B246-85A0-401F-BE6E-EF0123353582",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp001m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A45435-BE2E-4F3E-926F-B38209065326",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp001m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79E71DD-7F2D-4AF9-BA89-844C8D7A1303",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp002m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB7DA4CC-D16E-49C0-9297-C44ADDA3C457",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp002m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB8DBAAD-F0D3-48B0-8741-C26395581EF7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp004m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F0ECE5-F3C2-4C91-B43C-AA2D14AE1261",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp004m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A348410-7EBF-4C5F-BDCD-C61591D5949A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp224k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C1B1586-BBAC-4794-B9C8-163BA77BEFDA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp224k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E0096FF-28C9-4BFB-B295-5BD991C2E376",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp384k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "322D1433-F3A7-48B4-8333-44ACE7B51782",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp384k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB7F7E5-60EA-446F-97D2-4FD8E84CF8A0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmfpp512k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1E91A3-0724-43C7-85D9-5BA53578F3E0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmfpp512k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "103F2879-3237-4B4C-8DDF-12AFFD7A4E9D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc001m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "856AE9FF-BCC0-408A-9755-07AD3E9384A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc001m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE67123F-BC48-4959-806C-635366739C3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc002m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D854FCA-1379-4447-992B-901A6F6E7659",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc002m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB05C3C-CC9B-4EA3-BA57-EF81674871ED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc003m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E5C0243-85DE-42A1-8477-579D7EF41C42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc003m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A45ED40-D99F-4EAD-A791-BC0AE48922C4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc007m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3774E012-BC3A-4FA6-82EE-B34921D35379",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc007m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19120A7F-C591-4369-B6C6-997B4762AF51",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc01m7_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B34C814-9CF5-44D6-85E3-C23CB119BC52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc01m7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C23B45-A8E6-46C1-8E8A-20AADAD60CF7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc448k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0CFB281-8648-46CF-8F2F-9A58E82C5981",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc448k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D768A563-B74F-4A12-B590-7367BFCA06FA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpc768k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A115266-912E-4C1C-8493-806755481B7E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpc768k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC774858-FC2A-4106-915B-D70ADD402A02",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpf004m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "076CA818-CE2B-4B6F-9B48-2BD1F24027A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpf004m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "268A8629-61EE-43A6-8486-AE18CB0CCB26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpf008m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D0B5F7-B355-4341-AEF8-2B8B0E7E930E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpf008m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33BC0F8-F9E0-4E31-84A4-6A36E9773E71",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpp224k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C62715-92C9-47F0-9A64-1A369EC595FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpp224k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF5CED48-588F-4A62-9429-4583087299F5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsxmrpp384k_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B8D0BFD-FF72-4097-BFA7-437129932DF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsxmrpp384k:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AE9429A-8797-4D10-99DE-8AC9449B8255",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol."
    },
    {
      "lang": "es",
      "value": "Una CWE-319: existe una vulnerabilidad de Transmisi\u00f3n de Texto Sin Cifrar de Informaci\u00f3n Confidencial en Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (todas las versiones de firmware), lo que podr\u00eda causar una divulgaci\u00f3n de informaci\u00f3n cuando se transfieren aplicaciones al controlador usando el protocolo Modbus TCP."
    }
  ],
  "id": "CVE-2019-6845",
  "lastModified": "2024-11-21T04:47:16.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:22.127",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-6849

Vulnerability from fkie_nvd - Published: 2019-10-29 19:15 - Updated: 2024-11-21 04:47

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module.

References

	URL	Tags
	cybersecurity@se.com	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	-
schneider-electric	modicon_m580	-
schneider-electric	modicon_bmenoc_0311_firmware	-
schneider-electric	modicon_bmenoc_0311	-
schneider-electric	modicon_bmenoc_0321_firmware	-
schneider-electric	modicon_bmenoc_0321	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21CD1BE7-A4EC-4F24-AF27-18FE74D3B3D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_bmenoc_0311_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "198E2FA8-C256-488A-B708-94FA10715459",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_bmenoc_0311:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9765691-FAFF-4187-A162-FCE25720C181",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_bmenoc_0321_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB1E46D-5A3F-4757-9147-465A63C12B61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_bmenoc_0321:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F92B09-1AF6-4EE5-BD09-2441B66F51C5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module."
    },
    {
      "lang": "es",
      "value": "Una CWE-200: Existe una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en Modicon M580, Modicon BMENOC 0311 y Modicon BMENOC 0321, lo que podr\u00eda causar la divulgaci\u00f3n de informaci\u00f3n confidencial cuando son usados servicios Modbus espec\u00edficos proporcionados por la API REST del m\u00f3dulo controlador y de comunicaci\u00f3n."
    }
  ],
  "id": "CVE-2019-6849",
  "lastModified": "2024-11-21T04:47:16.557",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:22.407",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-6842

Vulnerability from fkie_nvd - Published: 2019-10-29 19:15 - Updated: 2024-11-21 04:47

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol.

References

	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2019-281-02/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2019-281-02/	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	*
schneider-electric	modicon_m580	-
schneider-electric	modicon_m340_firmware	*
schneider-electric	modicon_m340	-
schneider-electric	modicon_bmxcra_firmware	*
schneider-electric	modicon_bmxcra	-
schneider-electric	modicon_140cra_firmware	*
schneider-electric	modicon_140cra	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_bmxcra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E41AAB-05A3-43A4-B97A-34F265E25F40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_bmxcra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F80F2F1C-F681-4498-942E-31EDA9CF79F8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_140cra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76F5D4B2-1C0A-45E8-993C-DBBA4F745345",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_140cra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94575CFC-1395-4BB4-8D4F-AA41F7068A26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad CWE-755: Manejo inadecuado de condiciones excepcionales en los m\u00f3dulos Modicon M580, Modicon M340, Modicon BMxCRA y 140CRA (todas las versiones de firmware), que podr\u00eda causar un ataque de denegaci\u00f3n de servicio en el PLC al actualizar el firmware con una imagen de servidor web faltante dentro del paquete utilizando el protocolo FTP"
    }
  ],
  "id": "CVE-2019-6842",
  "lastModified": "2024-11-21T04:47:15.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:21.923",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-02/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-02/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-6843

Vulnerability from fkie_nvd - Published: 2019-10-29 19:15 - Updated: 2024-11-21 04:47

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol.

References

	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2019-281-02/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2019-281-02/	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	*
schneider-electric	modicon_m580	-
schneider-electric	modicon_m340_firmware	*
schneider-electric	modicon_m340	-
schneider-electric	modicon_bmxcra_firmware	*
schneider-electric	modicon_bmxcra	-
schneider-electric	modicon_140cra_firmware	*
schneider-electric	modicon_140cra	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_bmxcra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E41AAB-05A3-43A4-B97A-34F265E25F40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_bmxcra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F80F2F1C-F681-4498-942E-31EDA9CF79F8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_140cra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76F5D4B2-1C0A-45E8-993C-DBBA4F745345",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_140cra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94575CFC-1395-4BB4-8D4F-AA41F7068A26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad CWE-755: Manejo inadecuado de condiciones excepcionales en Modicon M580 con firmware (versi\u00f3n anterior a V3.10), Modicon M340 (todas las versiones de firmware) y m\u00f3dulos Modicon BMxCRA y 140CRA (todas las versiones de firmware), que podr\u00eda causar un ataque de denegaci\u00f3n de servicio en el PLC al actualizar el controlador con un paquete de firmware vac\u00edo utilizando el protocolo FTP"
    }
  ],
  "id": "CVE-2019-6843",
  "lastModified": "2024-11-21T04:47:15.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:21.987",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-02/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-02/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-6841

Vulnerability from fkie_nvd - Published: 2019-10-29 19:15 - Updated: 2024-11-21 04:47

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol.

References

	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2019-281-02/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2019-281-02/	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	modicon_m580_firmware	*
schneider-electric	modicon_m580	-
schneider-electric	modicon_m340_firmware	*
schneider-electric	modicon_m340	-
schneider-electric	modicon_bmxcra_firmware	*
schneider-electric	modicon_bmxcra	-
schneider-electric	modicon_140cra_firmware	*
schneider-electric	modicon_140cra	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_bmxcra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E41AAB-05A3-43A4-B97A-34F265E25F40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_bmxcra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F80F2F1C-F681-4498-942E-31EDA9CF79F8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:modicon_140cra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76F5D4B2-1C0A-45E8-993C-DBBA4F745345",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:modicon_140cra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94575CFC-1395-4BB4-8D4F-AA41F7068A26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad CWE-755: Manejo inadecuado de condiciones excepcionales en los m\u00f3dulos Modicon M580, Modicon M340, Modicon BMxCRA y 140CRA (todas las versiones de firmware), que podr\u00eda causar un ataque de denegaci\u00f3n de servicio en el PLC al actualizar el firmware con una imagen de servidor web faltante dentro del paquete utilizando el protocolo FTP"
    }
  ],
  "id": "CVE-2019-6841",
  "lastModified": "2024-11-21T04:47:15.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:21.830",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-02/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-02/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2023-25620 (GCVE-0-2023-25620)

Vulnerability from cvelistv5 – Published: 2023-04-19 08:17 – Updated: 2025-02-05 14:58

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

schneider

References

URL

Tags

https://download.schneider-electric.com/files?p_D…

Impacted products

Vendor

Product

Version

Schneider Electric

Modicon M340 CPU (part numbers BMXP34*)

Affected: prior to SV3.51

Schneider Electric	Modicon M580 CPU (part numbers BMEP* and BMEH*)	Affected: prior to V4.10
Schneider Electric	Modicon M580 CPU Safety (part numbers BMEP58S and BMEH58S)	Affected: All
Schneider Electric	Modicon Momentum Unity M1E Processor (171CBU*)	Affected: All
Schneider Electric	Modicon MC80 (BMKC80)	Affected: All
Schneider Electric	Legacy Modicon Quantum (140CPU65*)	Affected: All
Schneider Electric	Legacy Modicon Premium CPUs (TSXP57*)	Affected: All

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:19.224Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25620",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T14:57:44.416842Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T14:58:06.851Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M340 CPU (part numbers BMXP34*) ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "prior to SV3.51"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "prior to V4.10"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon Momentum Unity M1E Processor (171CBU*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon MC80 (BMKC80)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Legacy Modicon Quantum (140CPU65*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Legacy Modicon Premium CPUs (TSXP57*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "datePublic": "2023-04-10T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when a malicious project file is loaded onto the\ncontroller by an authenticated user. \n\n \n\n"
            }
          ],
          "value": "\n\n\nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when a malicious project file is loaded onto the\ncontroller by an authenticated user. \n\n \n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-12T03:15:17.732Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-25620",
    "datePublished": "2023-04-19T08:17:57.240Z",
    "dateReserved": "2023-02-09T13:42:27.387Z",
    "dateUpdated": "2025-02-05T14:58:06.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-25619 (GCVE-0-2023-25619)

Vulnerability from cvelistv5 – Published: 2023-04-19 07:53 – Updated: 2025-02-05 15:08

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

schneider

References

URL

Tags

https://download.schneider-electric.com/files?p_D…

Impacted products

Vendor

Product

Version

Schneider Electric

Modicon M340 CPU (part numbers BMXP34*)

Affected: prior to SV3.51

Schneider Electric	Modicon M580 CPU (part numbers BMEP* and BMEH*)	Affected: prior to V4.10
Schneider Electric	Modicon M580 CPU Safety (part numbers BMEP58S and BMEH58S)	Affected: All
Schneider Electric	Modicon Momentum Unity M1E Processor (171CBU*)	Affected: All
Schneider Electric	Modicon MC80 (BMKC80)	Affected: All
Schneider Electric	Legacy Modicon Quantum (140CPU65*)	Affected: All
Schneider Electric	Legacy Modicon Premium CPUs (TSXP57*)	Affected: All

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:19.427Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-25619",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T15:07:54.659345Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T15:08:51.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M340 CPU (part numbers BMXP34*) ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "prior to SV3.51"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "prior to V4.10"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon Momentum Unity M1E Processor (171CBU*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon MC80 (BMKC80)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Legacy Modicon Quantum (140CPU65*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Legacy Modicon Premium CPUs (TSXP57*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "datePublic": "2023-04-10T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when communicating over the Modbus TCP\nprotocol. \n\n"
            }
          ],
          "value": "\nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when communicating over the Modbus TCP\nprotocol. \n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-12T03:15:17.732Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-25619",
    "datePublished": "2023-04-19T07:53:15.405Z",
    "dateReserved": "2023-02-09T13:42:27.387Z",
    "dateUpdated": "2025-02-05T15:08:51.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7475 (GCVE-0-2020-7475)

Vulnerability from cvelistv5 – Published: 2020-03-23 18:56 – Updated: 2024-08-04 09:33

Summary

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.

Severity ?

No CVSS data available.

CWE

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Assigner

schneider

References

URL

Tags

http://www.se.com/ww/en/download/document/SEVD-20…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)	Affected: EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:18.769Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.se.com/ww/en/download/document/SEVD-2020-080-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-23T18:56:18",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.se.com/ww/en/download/document/SEVD-2020-080-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7475",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.se.com/ww/en/download/document/SEVD-2020-080-01",
              "refsource": "MISC",
              "url": "http://www.se.com/ww/en/download/document/SEVD-2020-080-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7475",
    "datePublished": "2020-03-23T18:56:18",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:18.769Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-7794 (GCVE-0-2018-7794)

Vulnerability from cvelistv5 – Published: 2020-01-06 22:57 – Updated: 2024-08-05 06:37

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.

Severity ?

No CVSS data available.

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

schneider

References

URL

Tags

https://www.se.com/ww/en/download/document/SEVD-2…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Schneider Electric SE	Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)	Affected: Modicon M580 Affected: Modicon M340 Affected: Modicon Quantum Affected: Modicon Premium (see security notification for specific versions)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.272Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
          "vendor": "Schneider Electric SE",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580"
            },
            {
              "status": "affected",
              "version": "Modicon M340"
            },
            {
              "status": "affected",
              "version": "Modicon Quantum"
            },
            {
              "status": "affected",
              "version": "Modicon Premium (see security notification for specific versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-06T22:57:09",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7794",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580"
                          },
                          {
                            "version_value": "Modicon M340"
                          },
                          {
                            "version_value": "Modicon Quantum"
                          },
                          {
                            "version_value": "Modicon Premium (see security notification for specific versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
              "refsource": "CONFIRM",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2018-7794",
    "datePublished": "2020-01-06T22:57:09",
    "dateReserved": "2018-03-08T00:00:00",
    "dateUpdated": "2024-08-05T06:37:59.272Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-6857 (GCVE-0-2019-6857)

Vulnerability from cvelistv5 – Published: 2020-01-06 22:57 – Updated: 2024-08-04 20:31

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.

Severity ?

No CVSS data available.

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

schneider

References

URL

Tags

	https://www.se.com/ww/en/download/document/SEVD-2…	x_refsource_CONFIRM
	https://www.us-cert.gov/ics/advisories/icsa-20-016-01	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Schneider Electric SE	Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)	Affected: Modicon M580 Affected: Modicon M340 Affected: Modicon Quantum Affected: Modicon Premium (see security notification for specific versions)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:31:04.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
          "vendor": "Schneider Electric SE",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580"
            },
            {
              "status": "affected",
              "version": "Modicon M340"
            },
            {
              "status": "affected",
              "version": "Modicon Quantum"
            },
            {
              "status": "affected",
              "version": "Modicon Premium (see security notification for specific versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-21T23:03:43",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2019-6857",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580"
                          },
                          {
                            "version_value": "Modicon M340"
                          },
                          {
                            "version_value": "Modicon Quantum"
                          },
                          {
                            "version_value": "Modicon Premium (see security notification for specific versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
              "refsource": "CONFIRM",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2019-6857",
    "datePublished": "2020-01-06T22:57:05",
    "dateReserved": "2019-01-25T00:00:00",
    "dateUpdated": "2024-08-04T20:31:04.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-6856 (GCVE-0-2019-6856)

Vulnerability from cvelistv5 – Published: 2020-01-06 22:57 – Updated: 2024-08-04 20:31

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.

Severity ?

No CVSS data available.

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

schneider

References

URL

Tags

	https://www.se.com/ww/en/download/document/SEVD-2…	x_refsource_CONFIRM
	https://www.us-cert.gov/ics/advisories/icsa-20-016-01	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Schneider Electric SE	Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)	Affected: Modicon M580 Affected: Modicon M340 Affected: Modicon Quantum Affected: Modicon Premium (see security notification for specific versions)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:31:04.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
          "vendor": "Schneider Electric SE",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580"
            },
            {
              "status": "affected",
              "version": "Modicon M340"
            },
            {
              "status": "affected",
              "version": "Modicon Quantum"
            },
            {
              "status": "affected",
              "version": "Modicon Premium (see security notification for specific versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-21T23:04:36",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2019-6856",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580"
                          },
                          {
                            "version_value": "Modicon M340"
                          },
                          {
                            "version_value": "Modicon Quantum"
                          },
                          {
                            "version_value": "Modicon Premium (see security notification for specific versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
              "refsource": "CONFIRM",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2019-6856",
    "datePublished": "2020-01-06T22:57:02",
    "dateReserved": "2019-01-25T00:00:00",
    "dateUpdated": "2024-08-04T20:31:04.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-6851 (GCVE-0-2019-6851)

Vulnerability from cvelistv5 – Published: 2019-10-29 14:55 – Updated: 2024-08-04 20:31

Summary

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.

Severity ?

No CVSS data available.

CWE

CWE-538 - File and Directory Information Exposure

Assigner

schneider

References

URL

Tags

https://www.schneider-electric.com/ww/en/download…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)	Affected: Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:31:04.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-538",
              "description": "CWE-538: File and Directory Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-29T14:55:35",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2019-6851",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-538: File and Directory Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01",
              "refsource": "CONFIRM",
              "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2019-6851",
    "datePublished": "2019-10-29T14:55:35",
    "dateReserved": "2019-01-25T00:00:00",
    "dateUpdated": "2024-08-04T20:31:04.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-25620 (GCVE-0-2023-25620)

Vulnerability from nvd – Published: 2023-04-19 08:17 – Updated: 2025-02-05 14:58

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

schneider

References

URL

Tags

https://download.schneider-electric.com/files?p_D…

Impacted products

Vendor

Product

Version

Schneider Electric

Modicon M340 CPU (part numbers BMXP34*)

Affected: prior to SV3.51

Schneider Electric	Modicon M580 CPU (part numbers BMEP* and BMEH*)	Affected: prior to V4.10
Schneider Electric	Modicon M580 CPU Safety (part numbers BMEP58S and BMEH58S)	Affected: All
Schneider Electric	Modicon Momentum Unity M1E Processor (171CBU*)	Affected: All
Schneider Electric	Modicon MC80 (BMKC80)	Affected: All
Schneider Electric	Legacy Modicon Quantum (140CPU65*)	Affected: All
Schneider Electric	Legacy Modicon Premium CPUs (TSXP57*)	Affected: All

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:19.224Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25620",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T14:57:44.416842Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T14:58:06.851Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M340 CPU (part numbers BMXP34*) ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "prior to SV3.51"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "prior to V4.10"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon Momentum Unity M1E Processor (171CBU*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon MC80 (BMKC80)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Legacy Modicon Quantum (140CPU65*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Legacy Modicon Premium CPUs (TSXP57*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "datePublic": "2023-04-10T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when a malicious project file is loaded onto the\ncontroller by an authenticated user. \n\n \n\n"
            }
          ],
          "value": "\n\n\nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when a malicious project file is loaded onto the\ncontroller by an authenticated user. \n\n \n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-12T03:15:17.732Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-25620",
    "datePublished": "2023-04-19T08:17:57.240Z",
    "dateReserved": "2023-02-09T13:42:27.387Z",
    "dateUpdated": "2025-02-05T14:58:06.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-25619 (GCVE-0-2023-25619)

Vulnerability from nvd – Published: 2023-04-19 07:53 – Updated: 2025-02-05 15:08

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

schneider

References

URL

Tags

https://download.schneider-electric.com/files?p_D…

Impacted products

Vendor

Product

Version

Schneider Electric

Modicon M340 CPU (part numbers BMXP34*)

Affected: prior to SV3.51

Schneider Electric	Modicon M580 CPU (part numbers BMEP* and BMEH*)	Affected: prior to V4.10
Schneider Electric	Modicon M580 CPU Safety (part numbers BMEP58S and BMEH58S)	Affected: All
Schneider Electric	Modicon Momentum Unity M1E Processor (171CBU*)	Affected: All
Schneider Electric	Modicon MC80 (BMKC80)	Affected: All
Schneider Electric	Legacy Modicon Quantum (140CPU65*)	Affected: All
Schneider Electric	Legacy Modicon Premium CPUs (TSXP57*)	Affected: All

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:19.427Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-25619",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T15:07:54.659345Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T15:08:51.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M340 CPU (part numbers BMXP34*) ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "prior to SV3.51"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "prior to V4.10"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon Momentum Unity M1E Processor (171CBU*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modicon MC80 (BMKC80)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Legacy Modicon Quantum (140CPU65*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Legacy Modicon Premium CPUs (TSXP57*)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "datePublic": "2023-04-10T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when communicating over the Modbus TCP\nprotocol. \n\n"
            }
          ],
          "value": "\nA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that\ncould cause denial of service of the controller when communicating over the Modbus TCP\nprotocol. \n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-12T03:15:17.732Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-25619",
    "datePublished": "2023-04-19T07:53:15.405Z",
    "dateReserved": "2023-02-09T13:42:27.387Z",
    "dateUpdated": "2025-02-05T15:08:51.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7475 (GCVE-0-2020-7475)

Vulnerability from nvd – Published: 2020-03-23 18:56 – Updated: 2024-08-04 09:33

Summary

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.

Severity ?

No CVSS data available.

CWE

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Assigner

schneider

References

URL

Tags

http://www.se.com/ww/en/download/document/SEVD-20…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)	Affected: EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:18.769Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.se.com/ww/en/download/document/SEVD-2020-080-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-23T18:56:18",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.se.com/ww/en/download/document/SEVD-2020-080-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2020-7475",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.se.com/ww/en/download/document/SEVD-2020-080-01",
              "refsource": "MISC",
              "url": "http://www.se.com/ww/en/download/document/SEVD-2020-080-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2020-7475",
    "datePublished": "2020-03-23T18:56:18",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:18.769Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-7794 (GCVE-0-2018-7794)

Vulnerability from nvd – Published: 2020-01-06 22:57 – Updated: 2024-08-05 06:37

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.

Severity ?

No CVSS data available.

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

schneider

References

URL

Tags

https://www.se.com/ww/en/download/document/SEVD-2…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Schneider Electric SE	Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)	Affected: Modicon M580 Affected: Modicon M340 Affected: Modicon Quantum Affected: Modicon Premium (see security notification for specific versions)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.272Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
          "vendor": "Schneider Electric SE",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580"
            },
            {
              "status": "affected",
              "version": "Modicon M340"
            },
            {
              "status": "affected",
              "version": "Modicon Quantum"
            },
            {
              "status": "affected",
              "version": "Modicon Premium (see security notification for specific versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-06T22:57:09",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7794",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580"
                          },
                          {
                            "version_value": "Modicon M340"
                          },
                          {
                            "version_value": "Modicon Quantum"
                          },
                          {
                            "version_value": "Modicon Premium (see security notification for specific versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
              "refsource": "CONFIRM",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2018-7794",
    "datePublished": "2020-01-06T22:57:09",
    "dateReserved": "2018-03-08T00:00:00",
    "dateUpdated": "2024-08-05T06:37:59.272Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-6857 (GCVE-0-2019-6857)

Vulnerability from nvd – Published: 2020-01-06 22:57 – Updated: 2024-08-04 20:31

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.

Severity ?

No CVSS data available.

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

schneider

References

URL

Tags

	https://www.se.com/ww/en/download/document/SEVD-2…	x_refsource_CONFIRM
	https://www.us-cert.gov/ics/advisories/icsa-20-016-01	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Schneider Electric SE	Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)	Affected: Modicon M580 Affected: Modicon M340 Affected: Modicon Quantum Affected: Modicon Premium (see security notification for specific versions)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:31:04.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
          "vendor": "Schneider Electric SE",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580"
            },
            {
              "status": "affected",
              "version": "Modicon M340"
            },
            {
              "status": "affected",
              "version": "Modicon Quantum"
            },
            {
              "status": "affected",
              "version": "Modicon Premium (see security notification for specific versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-21T23:03:43",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2019-6857",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580"
                          },
                          {
                            "version_value": "Modicon M340"
                          },
                          {
                            "version_value": "Modicon Quantum"
                          },
                          {
                            "version_value": "Modicon Premium (see security notification for specific versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
              "refsource": "CONFIRM",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2019-6857",
    "datePublished": "2020-01-06T22:57:05",
    "dateReserved": "2019-01-25T00:00:00",
    "dateUpdated": "2024-08-04T20:31:04.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-6856 (GCVE-0-2019-6856)

Vulnerability from nvd – Published: 2020-01-06 22:57 – Updated: 2024-08-04 20:31

Summary

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.

Severity ?

No CVSS data available.

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

schneider

References

URL

Tags

	https://www.se.com/ww/en/download/document/SEVD-2…	x_refsource_CONFIRM
	https://www.us-cert.gov/ics/advisories/icsa-20-016-01	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Schneider Electric SE	Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)	Affected: Modicon M580 Affected: Modicon M340 Affected: Modicon Quantum Affected: Modicon Premium (see security notification for specific versions)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:31:04.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
          "vendor": "Schneider Electric SE",
          "versions": [
            {
              "status": "affected",
              "version": "Modicon M580"
            },
            {
              "status": "affected",
              "version": "Modicon M340"
            },
            {
              "status": "affected",
              "version": "Modicon Quantum"
            },
            {
              "status": "affected",
              "version": "Modicon Premium (see security notification for specific versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-21T23:04:36",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2019-6856",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Modicon M580"
                          },
                          {
                            "version_value": "Modicon M340"
                          },
                          {
                            "version_value": "Modicon Quantum"
                          },
                          {
                            "version_value": "Modicon Premium (see security notification for specific versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
              "refsource": "CONFIRM",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2019-6856",
    "datePublished": "2020-01-06T22:57:02",
    "dateReserved": "2019-01-25T00:00:00",
    "dateUpdated": "2024-08-04T20:31:04.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

123 vulnerabilities found for modicon_m580_firmware by schneider-electric

CVE-2023-25620 (GCVE-0-2023-25620)

CVE-2023-25619 (GCVE-0-2023-25619)

CVE-2020-7475 (GCVE-0-2020-7475)

CVE-2018-7794 (GCVE-0-2018-7794)

CVE-2019-6857 (GCVE-0-2019-6857)

CVE-2019-6856 (GCVE-0-2019-6856)

CVE-2019-6851 (GCVE-0-2019-6851)

CVE-2023-25620 (GCVE-0-2023-25620)

CVE-2023-25619 (GCVE-0-2023-25619)

CVE-2020-7475 (GCVE-0-2020-7475)

CVE-2018-7794 (GCVE-0-2018-7794)

CVE-2019-6857 (GCVE-0-2019-6857)

CVE-2019-6856 (GCVE-0-2019-6856)