Detections
Analytics
Schneider Electric Modicon Improper Handling of Exceptional Conditions (CVE-2019-6844)
medium Tenable OT Security Plugin ID 500295
Synopsis
The remote OT asset is affected by a vulnerability.Description
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Refer to the vendor advisory.See Also
https://www.se.com/ww/en/download/document/SEVD-2019-281-02/
Plugin Details
Severity: Medium
ID: 500295
Version: 1.7
Type: remote
Family: Tenable.ot
Published: 2/7/2022
Updated: 1/24/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4
Temporal Score: 3
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS Score Source: CVE-2019-6844
CVSS v3
Risk Factor: Medium
Base Score: 4.9
Temporal Score: 4.3
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:schneider-electric:modicon_140cra_firmware, cpe:/o:schneider-electric:modicon_bmxcra_firmware, cpe:/o:schneider-electric:modicon_m340_series_firmware, cpe:/o:schneider-electric:modicon_m580_series_firmware
Required KB Items: Tenable.ot/Schneider
Exploit Ease: No known exploits are available
Patch Publication Date: 10/29/2019
Vulnerability Publication Date: 10/29/2019
Reference Information
CVE: CVE-2019-6844
CWE: 755