CVE-2019-6828 - OpenCVE

A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Modicon M340 Modicon Premium Modicon Quantum Modicon M340 Firmware Modicon Premium Firmware Modicon M580 Firmware Modicon M580 Modicon Quantum Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2019-09-17T19:59:33

Updated: 2019-09-17T19:59:33

Reserved: 2019-01-25T00:00:00

Link: CVE-2019-6828

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-09-17T20:15:12.140

Modified: 2022-02-03T14:30:29.610

Link: CVE-2019-6828

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Modicon M580", "vendor": "Schneider Electric SE", "versions": [{"status": "affected", "version": "firmware version prior to V2.90"}]}, {"product": "Modicon M340", "vendor": "Schneider Electric SE", "versions": [{"status": "affected", "version": "firmware version prior to V3.10"}]}, {"product": "Modicon Premium", "vendor": "Schneider Electric SE", "versions": [{"status": "affected", "version": "all versions"}]}, {"product": "Modicon Quantum", "vendor": "Schneider Electric SE", "versions": [{"status": "affected", "version": "all versions"}]}], "descriptions": [{"lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-248", "description": "CWE-248: Uncaught Exception", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-09-17T19:59:33", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6828", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Modicon M580", "version": {"version_data": [{"version_value": "firmware version prior to V2.90"}]}}, {"product_name": "Modicon M340", "version": {"version_data": [{"version_value": "firmware version prior to V3.10"}]}}, {"product_name": "Modicon Premium", "version": {"version_data": [{"version_value": "all versions"}]}}, {"product_name": "Modicon Quantum", "version": {"version_data": [{"version_value": "all versions"}]}}]}, "vendor_name": "Schneider Electric SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-248: Uncaught Exception"}]}]}, "references": {"reference_data": [{"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"}]}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2019-6828", "datePublished": "2019-09-17T19:59:33", "dateReserved": "2019-01-25T00:00:00", "dateUpdated": "2019-09-17T19:59:33", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9C5B0D1-D3A4-468A-807E-6BB3F98CC116", "versionEndExcluding": "2.90", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24", "versionEndExcluding": "3.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus."}, {"lang": "es", "value": "Una CWE-248: Se presenta una vulnerabilidad de Excepci\u00f3n No Capturada en Modicon M580 (versi\u00f3n de firmware anterior a V2.90), Modicon M340 (versi\u00f3n de firmware anterior a V3.10), Modicon Premium (todas las versiones) y Modicon Quantum (todas las versiones), lo que podr\u00eda causar una posible denegaci\u00f3n de servicio durante la lectura de bobinas y registros espec\u00edficos en el controlador sobre protocolo Modbus."}], "id": "CVE-2019-6828", "lastModified": "2022-02-03T14:30:29.610", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-17T20:15:12.140", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-248"}], "source": "cybersecurity@se.com", "type": "Secondary"}]}