Details of VAR-202011-1596

ID

VAR-202011-1596

TITLE

Schneider PLC-M580 has a denial of service vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-58385

DESCRIPTION

M580 is a PLC in Schneider's Modicon PLC series. It is the first high-end integrated controller built by Schneider Electric for the industrial Internet of Things architecture. Schneider PLC-M580 has a denial of service vulnerability. Attackers can use this vulnerability to stop the PLC control service, and can no longer use the I/O module to control the actuator, which can cause production interruptions and other accidents.

Trust: 0.6

sources: CNVD: CNVD-2020-58385

IOT TAXONOMY

category:

['IoT', 'ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-58385

AFFECTED PRODUCTS

vendor:

schneider electric

model:

plc-m580

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2020-58385

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-58385
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2020-58385
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-58385

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-58385

Trust: 0.6

sources: CNVD: CNVD-2020-58385

REFERENCES

url:

https://www.schneider-electric.cn

Trust: 0.6

sources: CNVD: CNVD-2020-58385

SOURCES

db:

CNVD

id:

CNVD-2020-58385

LAST UPDATE DATE

2022-05-04T09:42:15.491000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-58385

date:

2020-10-25T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-58385

date:

2020-11-21T00:00:00