CVE-2019-6857

CWE-7543 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 34.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric 140cpu65150 Firmware Schneider-electric 140cpu65160 Firmware Schneider-electric 140cpu65160s Firmware +26 more

Timeline

PublishedJan 6

Latest updateMay 24

Description

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages29 packages

▶NVDschneider-electric/modicon_m340_firmware< 3.01

▶NVDschneider-electric/modicon_m580_firmware< 2.80

▶NVDschneider-electric/tsxh5724m_firmware< 3.20

▶NVDschneider-electric/tsxh5744m_firmware< 3.20

▶NVDschneider-electric/tsxp57104m_firmware< 3.20

🔴Vulnerability Details

GHSA

GHSA-rfpc-4j7v-fqjp: A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (↗2022-05-24

▶

CVEList

CVE-2019-6857: A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (↗2020-01-06

▶