CVE-2019-6841
Last modified
CVE-2019-6841 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol.. EPSS estimates a 24.37% chance of exploitation in the next 30 days.
Description
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon M580 Firmware | All versions |
| Schneider-Electric | Modicon M340 Firmware | All versions |
| Schneider-Electric | Modicon Bmxcra Firmware | All versions |
| Schneider-Electric | Modicon 140cra Firmware | All versions |
References
- https://www.se.com/ww/en/download/document/SEVD-2019-281-02/Vendor Advisory
- https://www.se.com/ww/en/download/document/SEVD-2019-281-02/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-6841?
How severe is CVE-2019-6841?
How do I fix CVE-2019-6841?
Are you affected by CVE-2019-6841?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST