gsd - gsd-2019-6819

gsd-2019-6819

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.

Aliases

CVE-2019-6819

Aliases

CVE-2019-6819

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6819",
    "description": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.",
    "id": "GSD-2019-6819"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6819"
      ],
      "details": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.",
      "id": "GSD-2019-6819",
      "modified": "2023-12-13T01:23:49.988632Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2019-6819",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/",
            "refsource": "MISC",
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/"
          },
          {
            "name": "109004",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/109004"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "606AFE88-8C9A-4D18-9209-1193B628669F",
                    "versionEndExcluding": "3.01",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000h:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "69222495-4F18-434E-B86C-F63C5A2C1242",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6FDEB227-D50B-402C-9C11-E29F52BC10BB",
                    "versionEndExcluding": "2.80",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:bmeh582040:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4E6E5E62-BBA8-4370-A232-8E1196757C3E",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:bmeh582040c:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9C393EAE-D2A1-42BC-8CE8-2DCAC96EB769",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:bmeh584040:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E2A8BF9D-AFD1-4F19-A0DB-5EB6F343D890",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:bmeh584040c:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "63D48211-A734-4F98-A4D5-569268335757",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:bmeh586040:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "38D22DD5-677B-42E8-AE1F-11601D4BF110",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:bmeh586040c:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "79907FE7-B4B0-4732-9287-B7ED13115F6C",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7",
                    "vulnerable": false
                  },
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium."
          },
          {
            "lang": "es",
            "value": "Una CWE-754: Existe una vulnerabilidad de Comprobaci\u00f3n Inapropiada  para condiciones inusuales o excepcionales, que podr\u00eda generar una posible Denegaci\u00f3n de Servicio cuando se env\u00edan tramas Modbus espec\u00edficas hacia el controlador en los productos: Modicon M340 - versiones de firmware anteriores a la V3.01, Modicon M580 - versiones de firmware anteriores a V2.80, y todas las versiones de firmware de Modicon Quantum y Modicon Premium."
          }
        ],
        "id": "CVE-2019-6819",
        "lastModified": "2024-04-10T12:28:45.957",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2019-05-22T20:29:02.090",
        "references": [
          {
            "source": "cybersecurity@se.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.securityfocus.com/bid/109004"
          },
          {
            "source": "cybersecurity@se.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/"
          }
        ],
        "sourceIdentifier": "cybersecurity@se.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-754"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-754"
              }
            ],
            "source": "cybersecurity@se.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

CVE-2019-6819 (GCVE-0-2019-6819)

Vulnerability from cvelistv5

Published

2019-05-22 19:45

Modified

2024-08-04 20:31

Severity ?

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Summary

References

►

URL

Tags

	https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/	x_refsource_MISC
	http://www.securityfocus.com/bid/109004	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium	Version: Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium

Show details on NVD website