Details of VAR-201909-1555

ID

VAR-201909-1555

TITLE

Schneider Electric Modicon M340 PLC Has Unauthorized Access Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-32851

DESCRIPTION

Schneider Electric Modicon M340 is a medium-sized PLC of Schneider Electric, which is widely used in the field of industrial control in China. Schneider Electric Modicon M340 PLC has an unauthorized access vulnerability. An attacker can exploit the vulnerabilities without logging in to the administrator account, by constructing special links, tampering with user passwords, and obtaining sensitive information

Trust: 0.72

sources: CNVD: CNVD-2019-32851 // IVD: 764b8ed7-30b5-4b64-8eeb-40ac27d4ab60

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 764b8ed7-30b5-4b64-8eeb-40ac27d4ab60 // CNVD: CNVD-2019-32851

AFFECTED PRODUCTS

vendor:	schneider	model:	electric m340 plc	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	m340 plc	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 764b8ed7-30b5-4b64-8eeb-40ac27d4ab60 // CNVD: CNVD-2019-32851

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-32851
value:	LOW
Trust: 0.6
IVD:	764b8ed7-30b5-4b64-8eeb-40ac27d4ab60
value:	LOW
Trust: 0.2

CNVD:	CNVD-2019-32851
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	764b8ed7-30b5-4b64-8eeb-40ac27d4ab60
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 764b8ed7-30b5-4b64-8eeb-40ac27d4ab60 // CNVD: CNVD-2019-32851

TYPE

Access verification error

Trust: 0.2

sources: IVD: 764b8ed7-30b5-4b64-8eeb-40ac27d4ab60

PATCH

title:

Schneider Electric Modicon M340 PLC Has Unauthorized Access Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/178801

Trust: 0.6

sources: CNVD: CNVD-2019-32851

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-32851	Trust: 0.8
db:	IVD	id:	764B8ED7-30B5-4B64-8EEB-40AC27D4AB60	Trust: 0.2

sources: IVD: 764b8ed7-30b5-4b64-8eeb-40ac27d4ab60 // CNVD: CNVD-2019-32851

SOURCES

db:	IVD	id:	764b8ed7-30b5-4b64-8eeb-40ac27d4ab60
db:	CNVD	id:	CNVD-2019-32851

LAST UPDATE DATE

2022-05-17T01:59:54.643000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-32851

date:

2019-09-25T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	764b8ed7-30b5-4b64-8eeb-40ac27d4ab60	date:	2019-09-24T00:00:00
db:	CNVD	id:	CNVD-2019-32851	date:	2019-10-19T00:00:00