CVE-2019-6848 - OpenCVE

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Modicon Bmenoc 0311 Firmware Modicon Bmenoc 0321 Firmware Modicon Bmenoc 0311 Modicon Bmenoc 0321 Modicon M580 Firmware Modicon M580

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m580_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:modicon_bmenoc_0311_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_bmenoc_0311:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:modicon_bmenoc_0321_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_bmenoc_0321:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.se.com/ww/en/download/document/SEVD-2019-281-04/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2019-10-29T14:53:10

Updated: 2021-04-19T12:18:21

Reserved: 2019-01-25T00:00:00

Link: CVE-2019-6848

JSON object: View

NVD Information

Status : Modified

Published: 2019-10-29T19:15:22.330

Modified: 2021-04-19T13:15:13.340

Link: CVE-2019-6848

JSON object: View

Redhat Information

No data.

CWE

CWE-755

{"containers": {"cna": {"affected": [{"product": "Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info)"}]}], "descriptions": [{"lang": "en", "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "CWE-755: Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-19T12:18:21", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6848", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info)", "version": {"version_data": [{"version_value": "Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-755: Improper Handling of Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/", "refsource": "MISC", "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/"}]}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2019-6848", "datePublished": "2019-10-29T14:53:10", "dateReserved": "2019-01-25T00:00:00", "dateUpdated": "2021-04-19T12:18:21", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "21CD1BE7-A4EC-4F24-AF27-18FE74D3B3D4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_bmenoc_0311_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "198E2FA8-C256-488A-B708-94FA10715459", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_bmenoc_0311:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9765691-FAFF-4187-A162-FCE25720C181", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_bmenoc_0321_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EB1E46D-5A3F-4757-9147-465A63C12B61", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_bmenoc_0321:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6F92B09-1AF6-4EE5-BD09-2441B66F51C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module."}, {"lang": "es", "value": "Existe una vulnerabilidad CWE-755: Manejo inadecuado de condiciones excepcionales en la CPU Modicon M580 (BMEx58*) y en el m\u00f3dulo de comunicaci\u00f3n Modicon M580 (BMENOC0311, BMENOC0321) (consulte la notificaci\u00f3n para obtener informaci\u00f3n sobre la versi\u00f3n), que podr\u00eda provocar un ataque de denegaci\u00f3n de servicio en el PLC al enviar datos espec\u00edficos en la API REST del controlador/m\u00f3dulo de comunicaci\u00f3n"}], "id": "CVE-2019-6848", "lastModified": "2021-04-19T13:15:13.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-29T19:15:22.330", "references": [{"source": "cybersecurity@se.com", "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-755"}], "source": "cybersecurity@se.com", "type": "Secondary"}]}