ID

VAR-201905-0029


CVE

CVE-2019-6807


TITLE

Exceptional State Handling Vulnerability in Multiple Modicon Products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004754

DESCRIPTION

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus. Multiple Modicon products contain an exceptional state handling vulnerability. This may result in a denial-of-service (DoS) condition. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Security vulnerabilities exist in several Schneider Electric products. An attacker could exploit the vulnerability to cause a denial of service. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions).

Trust: 2.52

sources: NVD: CVE-2019-6807 // JVNDB: JVNDB-2019-004754 // CNVD: CNVD-2019-15737 // IVD: 562eb6c3-7bbb-4373-89a4-8e0d764ad4ae // VULHUB: VHN-158242 // VULMON: CVE-2019-6807

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 562eb6c3-7bbb-4373-89a4-8e0d764ad4ae // CNVD: CNVD-2019-15737

AFFECTED PRODUCTS

vendor: schneider electric, model: modicon m580, scope: lt, version: 2.90

Trust: 1.0

vendor: schneider electric, model: modicon m340, scope: lt, version: 3.10

Trust: 1.0

vendor: schneider electric, model: modicon quantum, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicon premium, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicon quantum plc, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon premium plc, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon m580, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon m340, scope: -, version: -

Trust: 0.8

vendor: schneider, model: electric modicon m580, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric modicon m340, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric modicon quantum, scope: -, version: -

Trust: 0.6

vendor: schneider, model: electric modicon premium, scope: -, version: -

Trust: 0.6

vendor: modicon premium, model: -, scope: eq, version: *

Trust: 0.2

vendor: modicon quantum, model: -, scope: eq, version: *

Trust: 0.2

vendor: modicon m340, model: -, scope: eq, version: *

Trust: 0.2

vendor: modicon m580, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 562eb6c3-7bbb-4373-89a4-8e0d764ad4ae // CNVD: CNVD-2019-15737 // JVNDB: JVNDB-2019-004754 // NVD: CVE-2019-6807

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6807
value: HIGH

Trust: 1.0

NVD: CVE-2019-6807
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-15737
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-944
value: HIGH

Trust: 0.6

IVD: 562eb6c3-7bbb-4373-89a4-8e0d764ad4ae
value: HIGH

Trust: 0.2

VULHUB: VHN-158242
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-6807
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6807
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-15737
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 562eb6c3-7bbb-4373-89a4-8e0d764ad4ae
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-158242
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6807
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-6807
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 562eb6c3-7bbb-4373-89a4-8e0d764ad4ae // CNVD: CNVD-2019-15737 // VULHUB: VHN-158242 // VULMON: CVE-2019-6807 // JVNDB: JVNDB-2019-004754 // CNNVD: CNNVD-201905-944 // NVD: CVE-2019-6807

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.0

problemtype: Improper handling in exceptional conditions (CWE-755) [NVD evaluation]

Trust: 0.8

problemtype:CWE-754

Trust: 0.1

sources: VULHUB: VHN-158242 // JVNDB: JVNDB-2019-004754 // NVD: CVE-2019-6807

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-944

TYPE

Code problem

Trust: 0.8

sources: IVD: 562eb6c3-7bbb-4373-89a4-8e0d764ad4ae // CNNVD: CNNVD-201905-944

PATCH

title: SEVD-2019-134-11, url: https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

Trust: 0.8

sources: JVNDB: JVNDB-2019-004754

EXTERNAL IDS

db: NVD, id: CVE-2019-6807

Trust: 4.2

db: SCHNEIDER, id: SEVD-2019-134-11

Trust: 1.8

db: TALOS, id: TALOS-2019-0770

Trust: 1.8

db: CNNVD, id: CNNVD-201905-944

Trust: 0.9

db: CNVD, id: CNVD-2019-15737

Trust: 0.8

db: ICS CERT, id: ICSA-25-114-01

Trust: 0.8

db: JVN, id: JVNVU92254859

Trust: 0.8

db: JVNDB, id: JVNDB-2019-004754

Trust: 0.8

db: IVD, id: 562EB6C3-7BBB-4373-89A4-8E0D764AD4AE

Trust: 0.2

db: VULHUB, id: VHN-158242

Trust: 0.1

db: VULMON, id: CVE-2019-6807

Trust: 0.1

sources: IVD: 562eb6c3-7bbb-4373-89a4-8e0d764ad4ae // CNVD: CNVD-2019-15737 // VULHUB: VHN-158242 // VULMON: CVE-2019-6807 // JVNDB: JVNDB-2019-004754 // CNNVD: CNNVD-201905-944 // NVD: CVE-2019-6807

REFERENCES

url:https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/

Trust: 1.8

url:https://www.talosintelligence.com/vulnerability_reports/talos-2019-0770

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6807

Trust: 1.4

url:https://jvn.jp/vu/jvnvu92254859/index.html

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-01

Trust: 0.8

url:https://web.nvd.nist.gov//vuln/detail/cve-2019-6807

Trust: 0.6

url:https://talosintelligence.com/vulnerability_reports/talos-2019-0770

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/755.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-15737 // VULHUB: VHN-158242 // VULMON: CVE-2019-6807 // JVNDB: JVNDB-2019-004754 // CNNVD: CNNVD-201905-944 // NVD: CVE-2019-6807

CREDITS

Discovered by Jared Rittle of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201905-944

SOURCES

db: IVD, id: 562eb6c3-7bbb-4373-89a4-8e0d764ad4ae
db: CNVD, id: CNVD-2019-15737
db: VULHUB, id: VHN-158242
db: VULMON, id: CVE-2019-6807
db: JVNDB, id: JVNDB-2019-004754
db: CNNVD, id: CNNVD-201905-944
db: NVD, id: CVE-2019-6807

LAST UPDATE DATE

2025-04-30T22:46:30.130000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-15737, date: 2019-05-29T00:00:00
db: VULHUB, id: VHN-158242, date: 2019-06-10T00:00:00
db: VULMON, id: CVE-2019-6807, date: 2022-02-03T00:00:00
db: JVNDB, id: JVNDB-2019-004754, date: 2025-04-28T08:23:00
db: CNNVD, id: CNNVD-201905-944, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2019-6807, date: 2024-11-21T04:47:11.900

SOURCES RELEASE DATE

db: IVD, id: 562eb6c3-7bbb-4373-89a4-8e0d764ad4ae, date: 2019-05-29T00:00:00
db: CNVD, id: CNVD-2019-15737, date: 2019-05-29T00:00:00
db: VULHUB, id: VHN-158242, date: 2019-05-22T00:00:00
db: VULMON, id: CVE-2019-6807, date: 2019-05-22T00:00:00
db: JVNDB, id: JVNDB-2019-004754, date: 2019-06-07T00:00:00
db: CNNVD, id: CNNVD-201905-944, date: 2019-05-22T00:00:00
db: NVD, id: CVE-2019-6807, date: 2019-05-22T21:29:00.667