Details of VAR-201907-1652

ID

VAR-201907-1652

TITLE

Schneider Electric M340 PLC has a denial of service vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-21280

DESCRIPTION

M340 is a medium-sized PLC of Schneider Electric, which has a wide range of applications in the field of industrial control in China. A denial of service vulnerability exists in the Schneider Electric M340 PLC. The attacker sends a port 80 by constructing a special message, which can cause the web service to refuse to respond

Trust: 0.72

sources: CNVD: CNVD-2019-21280 // IVD: 195d0d95-6543-455e-a035-69fe44e966c4

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 195d0d95-6543-455e-a035-69fe44e966c4 // CNVD: CNVD-2019-21280

AFFECTED PRODUCTS

vendor:

schneider

model:

electric m340

scope:

version:

v2.9

Trust: 0.8

sources: IVD: 195d0d95-6543-455e-a035-69fe44e966c4 // CNVD: CNVD-2019-21280

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-21280
value:	HIGH
Trust: 0.6
IVD:	195d0d95-6543-455e-a035-69fe44e966c4
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2019-21280
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	195d0d95-6543-455e-a035-69fe44e966c4
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 195d0d95-6543-455e-a035-69fe44e966c4 // CNVD: CNVD-2019-21280

TYPE

Denial of service

Trust: 0.2

sources: IVD: 195d0d95-6543-455e-a035-69fe44e966c4

PATCH

title:

Schneider M340 PLC has a denial of service vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/165105

Trust: 0.6

sources: CNVD: CNVD-2019-21280

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-21280	Trust: 0.8
db:	IVD	id:	195D0D95-6543-455E-A035-69FE44E966C4	Trust: 0.2

sources: IVD: 195d0d95-6543-455e-a035-69fe44e966c4 // CNVD: CNVD-2019-21280

SOURCES

db:	IVD	id:	195d0d95-6543-455e-a035-69fe44e966c4
db:	CNVD	id:	CNVD-2019-21280

LAST UPDATE DATE

2022-05-17T02:04:28.578000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-21280

date:

2019-11-07T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	195d0d95-6543-455e-a035-69fe44e966c4	date:	2019-07-05T00:00:00
db:	CNVD	id:	CNVD-2019-21280	date:	2019-08-03T00:00:00