Vulnerability Description
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Modicon M580 Firmware | All versions |
| Schneider-Electric | Modicon M580 | - |
| Schneider-Electric | Modicon M340 Firmware | All versions |
| Schneider-Electric | Modicon M340 | - |
| Schneider-Electric | Modicon Bmxcra Firmware | All versions |
| Schneider-Electric | Modicon Bmxcra | - |
| Schneider-Electric | Modicon 140Cra Firmware | All versions |
| Schneider-Electric | Modicon 140Cra | - |
Related Weaknesses (CWE)
References
- https://www.se.com/ww/en/download/document/SEVD-2019-281-02/Vendor Advisory
- https://www.se.com/ww/en/download/document/SEVD-2019-281-02/Vendor Advisory
FAQ
What is CVE-2019-6841?
CVE-2019-6841 is a vulnerability with a CVSS score of 4.9 (MEDIUM). A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA ...
How severe is CVE-2019-6841?
CVE-2019-6841 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6841?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Modicon M580 Firmware, Schneider-Electric Modicon M580, Schneider-Electric Modicon M340 Firmware, Schneider-Electric Modicon M340, Schneider-Electric Modicon Bmxcra Firmware.