Details of VAR-201909-1558

ID

VAR-201909-1558

TITLE

Schneider Electric Modicon M340 PLC Has Unauthorized Access Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-32850

DESCRIPTION

Schneider Electric Modicon M340 is a medium-sized PLC of Schneider Electric, which is widely used in the field of industrial control in China. Schneider Electric Modicon M340 PLC has an unauthorized access vulnerability. An attacker can exploit the vulnerability without having to log in to an account, and delete a user's password by constructing a special link

Trust: 0.72

sources: CNVD: CNVD-2019-32850 // IVD: 9fa6343a-ef6f-4ad1-aed0-20c9c5f5ff25

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 9fa6343a-ef6f-4ad1-aed0-20c9c5f5ff25 // CNVD: CNVD-2019-32850

AFFECTED PRODUCTS

vendor:	schneider	model:	electric m340 plc	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	m340 plc	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 9fa6343a-ef6f-4ad1-aed0-20c9c5f5ff25 // CNVD: CNVD-2019-32850

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-32850
value:	LOW
Trust: 0.6
IVD:	9fa6343a-ef6f-4ad1-aed0-20c9c5f5ff25
value:	LOW
Trust: 0.2

CNVD:	CNVD-2019-32850
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	9fa6343a-ef6f-4ad1-aed0-20c9c5f5ff25
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 9fa6343a-ef6f-4ad1-aed0-20c9c5f5ff25 // CNVD: CNVD-2019-32850

TYPE

Access verification error

Trust: 0.2

sources: IVD: 9fa6343a-ef6f-4ad1-aed0-20c9c5f5ff25

PATCH

title:

Schneider Electric Modicon M341 PLC has unauthorized access vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/178807

Trust: 0.6

sources: CNVD: CNVD-2019-32850

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-32850	Trust: 0.8
db:	IVD	id:	9FA6343A-EF6F-4AD1-AED0-20C9C5F5FF25	Trust: 0.2

sources: IVD: 9fa6343a-ef6f-4ad1-aed0-20c9c5f5ff25 // CNVD: CNVD-2019-32850

SOURCES

db:	IVD	id:	9fa6343a-ef6f-4ad1-aed0-20c9c5f5ff25
db:	CNVD	id:	CNVD-2019-32850

LAST UPDATE DATE

2022-05-17T02:09:42.956000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-32850

date:

2019-09-25T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	9fa6343a-ef6f-4ad1-aed0-20c9c5f5ff25	date:	2019-09-24T00:00:00
db:	CNVD	id:	CNVD-2019-32850	date:	2019-10-19T00:00:00