CVE-2019-6821
Last modified
CVE-2019-6821 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. It is a CWE-330 (Use of Insufficiently Random Values) vulnerability that could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and in all firmware versions of Modicon M340, Modicon Premium, and Modicon Quantum. EPSS estimates a 1.93% chance of exploitation in the next 30 days.
Description
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon M580 Firmware | < 2.30 |
| Schneider-Electric | Modicon M340 Firmware | All versions |
| Schneider-Electric | Modicon Quantum Firmware | All versions |
| Schneider-Electric | Modicon Premium Firmware | All versions |
References
- http://www.securityfocus.com/bid/108366 (Third Party Advisory, VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01 (Third Party Advisory, US Government Resource)
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/ (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
