ID

VAR-201905-0030


CVE

CVE-2019-6808


TITLE

Access control vulnerabilities in multiple Modicon products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004755

DESCRIPTION

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause remote code execution by overwriting configuration settings of the controller over Modbus. Multiple Modicon products contain an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Schneider Electric Modicon M580 and the other affected controllers are products of the French company Schneider Electric. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. An access control error vulnerability exists in several Schneider Electric products. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. The following products and versions are affected: Schneider Electric Modicon M580 (all versions); Modicon M340 (all versions); Modicon Quantum (all versions); Modicon Premium (all versions).

Trust: 1.8

sources: NVD: CVE-2019-6808 // JVNDB: JVNDB-2019-004755 // VULHUB: VHN-158243 // VULMON: CVE-2019-6808

AFFECTED PRODUCTS

vendor: schneider electric, model: modicon premium, scope: lte, version: 3.20

Trust: 1.0

vendor: schneider electric, model: modicon m340, scope: lt, version: 3.10

Trust: 1.0

vendor: schneider electric, model: modicon m580, scope: lt, version: 2.90

Trust: 1.0

vendor: schneider electric, model: modicon quantum, scope: lte, version: 3.60

Trust: 1.0

vendor: schneider electric, model: modicon m340, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon m580, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon premium plc, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon quantum plc, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-004755 // NVD: CVE-2019-6808

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-6808
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-6808
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201905-945
value: CRITICAL

Trust: 0.6

VULHUB: VHN-158243
value: HIGH

Trust: 0.1

VULMON: CVE-2019-6808
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-6808
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-158243
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-6808
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-6808
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158243 // VULMON: CVE-2019-6808 // JVNDB: JVNDB-2019-004755 // CNNVD: CNNVD-201905-945 // NVD: CVE-2019-6808

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-158243 // JVNDB: JVNDB-2019-004755 // NVD: CVE-2019-6808

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-945

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201905-945

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004755

PATCH

title: SEVD-2019-134-11, url: https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/

Trust: 0.8

sources: JVNDB: JVNDB-2019-004755

EXTERNAL IDS

db: NVD, id: CVE-2019-6808

Trust: 2.6

db: TALOS, id: TALOS-2019-0771

Trust: 1.8

db: SCHNEIDER, id: SEVD-2019-134-11

Trust: 1.8

db: JVNDB, id: JVNDB-2019-004755

Trust: 0.8

db: CNNVD, id: CNNVD-201905-945

Trust: 0.7

db: VULHUB, id: VHN-158243

Trust: 0.1

db: VULMON, id: CVE-2019-6808

Trust: 0.1

sources: VULHUB: VHN-158243 // VULMON: CVE-2019-6808 // JVNDB: JVNDB-2019-004755 // CNNVD: CNNVD-201905-945 // NVD: CVE-2019-6808

REFERENCES

url:https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/

Trust: 1.8

url:https://www.talosintelligence.com/vulnerability_reports/talos-2019-0771

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6808

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6808

Trust: 0.8

url:https://talosintelligence.com/vulnerability_reports/talos-2019-0771

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-158243 // VULMON: CVE-2019-6808 // JVNDB: JVNDB-2019-004755 // CNNVD: CNNVD-201905-945 // NVD: CVE-2019-6808

CREDITS

Discovered by Jared Rittle of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201905-945

SOURCES

db: VULHUB, id: VHN-158243
db: VULMON, id: CVE-2019-6808
db: JVNDB, id: JVNDB-2019-004755
db: CNNVD, id: CNNVD-201905-945
db: NVD, id: CVE-2019-6808

LAST UPDATE DATE

2024-11-23T21:52:16.555000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-158243, date: 2020-08-24T00:00:00
db: VULMON, id: CVE-2019-6808, date: 2022-02-03T00:00:00
db: JVNDB, id: JVNDB-2019-004755, date: 2019-06-07T00:00:00
db: CNNVD, id: CNNVD-201905-945, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2019-6808, date: 2024-11-21T04:47:12.017

SOURCES RELEASE DATE

db: VULHUB, id: VHN-158243, date: 2019-05-22T00:00:00
db: VULMON, id: CVE-2019-6808, date: 2019-05-22T00:00:00
db: JVNDB, id: JVNDB-2019-004755, date: 2019-06-07T00:00:00
db: CNNVD, id: CNNVD-201905-945, date: 2019-05-22T00:00:00
db: NVD, id: CVE-2019-6808, date: 2019-05-22T21:29:00.697