Vulnerability Description
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon M340 Firmware | All versions |
| Schneider-Electric | Modicon M340 | - |
| Schneider-Electric | Bmxnor0200H Firmware | - |
| Schneider-Electric | Bmxnor0200H | - |
Related Weaknesses (CWE)
References
- https://security.cse.iitk.ac.in/responsible-disclosureThird Party Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2019-225-02/Vendor Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/Vendor Advisory
- https://security.cse.iitk.ac.in/responsible-disclosureThird Party Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2019-225-02/Vendor Advisory
- https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/Vendor Advisory
FAQ
What is CVE-2019-6813?
CVE-2019-6813 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versi...
How severe is CVE-2019-6813?
CVE-2019-6813 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6813?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M340 Firmware, Schneider-Electric Modicon M340, Schneider-Electric Bmxnor0200H Firmware, Schneider-Electric Bmxnor0200H.