CVE-2019-6821 — Use of Insufficiently Random Values in Modicon M580 Firmware

CWE-330 — Use of Insufficiently Random Values3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 53.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Modicon M580 Firmware

Timeline

PublishedMay 22

Latest updateMay 24

Description

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

▶NVDschneider-electric/modicon_m580_firmware< 2.30

Patches

Patch: www.schneider-electric.com ↗Patch: www.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-pr9h-xjrf-gjcr: CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in↗2022-05-24

▶

CVEList

CVE-2019-6821: CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in↗2019-05-22

▶