ID

VAR-201909-0044


CVE

CVE-2019-6828


TITLE

Exceptional Condition Handling Vulnerability in Multiple Modicon Products

Trust: 0.8

sources: JVNDB: JVNDB-2019-009442

DESCRIPTION

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus. Multiple Modicon products contain an exceptional condition handling vulnerability that may result in service operation interruption (DoS). Schneider Electric Modicon M580 and the other affected controllers are all products of Schneider Electric of France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. A security vulnerability exists in several Schneider Electric products. An attacker could exploit this vulnerability to cause a denial of service.

Trust: 1.71

sources: NVD: CVE-2019-6828 // JVNDB: JVNDB-2019-009442 // VULHUB: VHN-158263

AFFECTED PRODUCTS

vendor: schneider electric // model: modicon m580 // scope: lt // version: 2.90

Trust: 1.0

vendor: schneider electric // model: modicon m340 // scope: lt // version: 3.10

Trust: 1.0

vendor: schneider electric // model: modicon quantum // scope: eq // version: *

Trust: 1.0

vendor: schneider electric // model: modicon premium // scope: eq // version: *

Trust: 1.0

vendor: schneider electric // model: modicon quantum plc // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: modicon m580 // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: modicon m340 // scope: - // version: -

Trust: 0.8

vendor: schneider electric // model: modicon premium plc // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-009442 // NVD: CVE-2019-6828

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-6828
value: HIGH

Trust: 1.0

NVD: CVE-2019-6828
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-936
value: HIGH

Trust: 0.6

VULHUB: VHN-158263
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-6828
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158263
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-6828
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-6828
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158263 // JVNDB: JVNDB-2019-009442 // CNNVD: CNNVD-201908-936 // NVD: CVE-2019-6828

PROBLEMTYPE DATA

problemtype: CWE-755

Trust: 1.1

problemtype: CWE-248

Trust: 1.0

problemtype: Improper handling in exceptional conditions (CWE-755) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-158263 // JVNDB: JVNDB-2019-009442 // NVD: CVE-2019-6828

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-936

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201908-936

PATCH

title: SEVD-2019-134-11 // url: https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

Trust: 0.8

sources: JVNDB: JVNDB-2019-009442

EXTERNAL IDS

db: NVD // id: CVE-2019-6828

Trust: 3.3

db: SCHNEIDER // id: SEVD-2019-134-11

Trust: 1.7

db: JVN // id: JVNVU92254859

Trust: 0.8

db: ICS CERT // id: ICSA-25-114-01

Trust: 0.8

db: JVNDB // id: JVNDB-2019-009442

Trust: 0.8

db: CNNVD // id: CNNVD-201908-936

Trust: 0.7

db: TALOS // id: TALOS-2019-0806

Trust: 0.6

db: VULHUB // id: VHN-158263

Trust: 0.1

sources: VULHUB: VHN-158263 // JVNDB: JVNDB-2019-009442 // CNNVD: CNNVD-201908-936 // NVD: CVE-2019-6828

REFERENCES

url:https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-6828

Trust: 1.4

url:https://jvn.jp/vu/jvnvu92254859/

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-01

Trust: 0.8

url:https://www.talosintelligence.com/vulnerability_reports/talos-2019-0806

Trust: 0.6

sources: VULHUB: VHN-158263 // JVNDB: JVNDB-2019-009442 // CNNVD: CNNVD-201908-936 // NVD: CVE-2019-6828

CREDITS

Discovered by Jared Rittle of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201908-936

SOURCES

db: VULHUB // id: VHN-158263
db: JVNDB // id: JVNDB-2019-009442
db: CNNVD // id: CNNVD-201908-936
db: NVD // id: CVE-2019-6828

LAST UPDATE DATE

2025-04-30T02:41:35.715000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-158263 // date: 2019-10-09T00:00:00
db: JVNDB // id: JVNDB-2019-009442 // date: 2025-04-28T07:51:00
db: CNNVD // id: CNNVD-201908-936 // date: 2022-03-10T00:00:00
db: NVD // id: CVE-2019-6828 // date: 2024-11-21T04:47:14.033

SOURCES RELEASE DATE

db: VULHUB // id: VHN-158263 // date: 2019-09-17T00:00:00
db: JVNDB // id: JVNDB-2019-009442 // date: 2019-09-20T00:00:00
db: CNNVD // id: CNNVD-201908-936 // date: 2019-08-13T00:00:00
db: NVD // id: CVE-2019-6828 // date: 2019-09-17T20:15:12.140