CVE-2019-6841
published 2019-10-29CVE-2019-6841: A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware…
PriorityP335medium4.9CVSS 3.1
AVNACLPRHUINSUCNINAH
EPSS
24.37%
97.6th percentile
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol.
CVSS provenance
nvdv3.14.9MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
arXiv
The Global State of Security in Industrial Control Systems: An Empirical Analysis of Vulnerabilities around the World
arxiv_fulltext·2021-11-27
The Global State of Security in Industrial Control Systems: An Empirical Analysis of Vulnerabilities around the World
The Global State of Security in Industrial Control Systems: An Empirical Analysis of Vulnerabilities around the World
Simon Daniel Duque Anton,
Daniel Fraunholz,
Daniel Krohmer,
Daniel Reti,
Daniel Schneider,
and Hans Dieter Schotten
This is a pre-print of a paper published in the IEEE Internet of Things Journal.
Please cite as: SD Duque Anton, D Fraunholz, D Krohmer, D Reti, D Schneider, and HD Schotten: The Global State of Security in Industrial Control Systems: An Empirical Analysis of Vulnerabilites around the World, IEEE Internet of Things Journal, May 2021
S. D. Duque Anton was with the German Research Center for Artificial Intelligence. He is now with the comlet Verteilte Systeme GmbH and with the University of Kaiserslautern.
D. Reti, D. Schneider and H. D. Schotten are with the G
Talos
Vulnerability spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580
blogs_talos·2019-10-08·CVSS 4.9
[MEDIUM] Vulnerability spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580
Jared Rittle and Patrick DeSantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, the majority of which can cause a denial of service. The Modicon M580 is the latest in
Schneider Electric's Modicon line of programmable automation controllers. The majority of the bugs we will discuss exist in the Modicon's use of FTP.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Schneider Electric to ensure that these issues are resolved and that an update is available for affected customers. Talos previously disclosed a separate round of vulnerabilities in this product in June.
### Vulnerability details
Schneider Electric Modicon M58
Talos
Vulnerability spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580
blogs_talos·2019-10-08·CVSS 4.9
[MEDIUM] Vulnerability spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580
## Vulnerability spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580
Jared Rittle and Patrick DeSantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, the majority of which can cause a denial of service. The Modicon M580 is the latest in
Schneider Electric's Modicon line of programmable automation controllers. The majority of the bugs we will discuss exist in the Modicon's use of FTP.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Schneider Electric to ensure that these issues are resolved and that an update is available for affected customers. Talos previously disclosed a separate round of vulnerabil
2019-10-29
Published