CVE-2019-6821

EUVD-2019-16375
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
schneider-electricmodicon_m580_firmware
𝑥
< 2.30
schneider-electricmodicon_m340_firmware
*
schneider-electricmodicon_quantum_firmware
*
schneider-electricmodicon_premium_firmware
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/108366
https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/
http://www.securityfocus.com/bid/108366
https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/