Details of VAR-201909-1543

ID

VAR-201909-1543

TITLE

Schneider Electric Modicon M340 PLC Module Has Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-30876

DESCRIPTION

Schneider Electric M340 PLC is a modular universal controller for the manufacturing industry from Schneider. Is widely used in tobacco, petrochemical, water and other important industrial control sites. Zh Schneider Electric M340 PLC CPU has a denial of service vulnerability. Allows attackers to exploit vulnerabilities and quickly send a large number of specific data packets to any port of the host, rendering the host unresponsive and causing a denial of service attack

Trust: 0.72

sources: CNVD: CNVD-2019-30876 // IVD: 8ceb027e-37a1-4898-a98b-c935c2d1615e

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 8ceb027e-37a1-4898-a98b-c935c2d1615e // CNVD: CNVD-2019-30876

AFFECTED PRODUCTS

vendor:	schneider	model:	electric m340 plc	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	m340 plc	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 8ceb027e-37a1-4898-a98b-c935c2d1615e // CNVD: CNVD-2019-30876

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-30876
value:	MEDIUM
Trust: 0.6
IVD:	8ceb027e-37a1-4898-a98b-c935c2d1615e
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2019-30876
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	8ceb027e-37a1-4898-a98b-c935c2d1615e
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 8ceb027e-37a1-4898-a98b-c935c2d1615e // CNVD: CNVD-2019-30876

TYPE

Denial of service

Trust: 0.2

sources: IVD: 8ceb027e-37a1-4898-a98b-c935c2d1615e

PATCH

title:

Schneider Electric Modicon M340 PLC Module Has Denial of Service Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/178793

Trust: 0.6

sources: CNVD: CNVD-2019-30876

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-30876	Trust: 0.8
db:	IVD	id:	8CEB027E-37A1-4898-A98B-C935C2D1615E	Trust: 0.2

sources: IVD: 8ceb027e-37a1-4898-a98b-c935c2d1615e // CNVD: CNVD-2019-30876

SOURCES

db:	IVD	id:	8ceb027e-37a1-4898-a98b-c935c2d1615e
db:	CNVD	id:	CNVD-2019-30876

LAST UPDATE DATE

2022-05-17T02:08:54.886000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-30876

date:

2019-09-10T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	8ceb027e-37a1-4898-a98b-c935c2d1615e	date:	2019-09-09T00:00:00
db:	CNVD	id:	CNVD-2019-30876	date:	2019-10-18T00:00:00