Details of VAR-201905-0035

ID

VAR-201905-0035

CVE

CVE-2019-6819

TITLE

plural Modicon Vulnerability related to exceptional condition checking in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004815

DESCRIPTION

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium. plural Modicon The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Modicon M340 is a complex device and small and medium-sized project programmable controller (PLC). Modicon Premium is a complex control programmable controller (PLC). Modicon Quantum is a process control programmable controller (PLC). The Modicon M580 is a programmable automation controller (PAC). Modicon M580/M340/Premium/Quantum has an abnormality check for anomalies. An attacker could exploit the vulnerability by sending a specific Modbus frame to cause a denial of service. Schneider Electric Modicon Controllers are prone to a denial-of-service vulnerability. Schneider Electric Modicon M580, etc. are all products of French Schneider Electric (Schneider Electric). This vulnerability stems from improper design or implementation problems in the code development process of network systems or products

Trust: 2.7

sources: NVD: CVE-2019-6819 // JVNDB: JVNDB-2019-004815 // CNVD: CNVD-2019-15937 // BID: 109004 // IVD: 87dc0327-d573-496f-a02c-d0b520f33b35 // VULHUB: VHN-158254

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 87dc0327-d573-496f-a02c-d0b520f33b35 // CNVD: CNVD-2019-15937

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon m340	scope:	lt	version:	3.01	Trust: 1.8
vendor:	schneider electric	model:	modicon m580	scope:	lt	version:	2.80	Trust: 1.8
vendor:	schneider electric	model:	modicon quantum	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon premium	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon premium plc	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon quantum plc	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric modicon m340	scope:	lt	version:	v3.01	Trust: 0.6
vendor:	schneider	model:	electric modicon quantum	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon premium	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon m580	scope:	lt	version:	v2.80	Trust: 0.6
vendor:	schneider electric	model:	modicon quantum	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	modicon premium	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	modicon m580	scope:	eq	version:	2.30	Trust: 0.3
vendor:	schneider electric	model:	modicon m580	scope:	eq	version:	2.20	Trust: 0.3
vendor:	schneider electric	model:	modicon m340	scope:	eq	version:	2.9	Trust: 0.3
vendor:	schneider electric	model:	modicon m580	scope:	ne	version:	2.80	Trust: 0.3
vendor:	schneider electric	model:	modicon m340	scope:	ne	version:	3.01	Trust: 0.3
vendor:	modicon m340	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	modicon m580	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	modicon quantum	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	modicon premium	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 87dc0327-d573-496f-a02c-d0b520f33b35 // CNVD: CNVD-2019-15937 // BID: 109004 // JVNDB: JVNDB-2019-004815 // NVD: CVE-2019-6819

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6819
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-6819
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-15937
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-931
value:	HIGH
Trust: 0.6
IVD:	87dc0327-d573-496f-a02c-d0b520f33b35
value:	HIGH
Trust: 0.2
VULHUB:	VHN-158254
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6819
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-15937
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	87dc0327-d573-496f-a02c-d0b520f33b35
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-158254
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6819
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6819
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 87dc0327-d573-496f-a02c-d0b520f33b35 // CNVD: CNVD-2019-15937 // VULHUB: VHN-158254 // JVNDB: JVNDB-2019-004815 // CNNVD: CNNVD-201905-931 // NVD: CVE-2019-6819

PROBLEMTYPE DATA

problemtype:

CWE-754

Trust: 1.9

sources: VULHUB: VHN-158254 // JVNDB: JVNDB-2019-004815 // NVD: CVE-2019-6819

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-931

TYPE

Code problem

Trust: 0.8

sources: IVD: 87dc0327-d573-496f-a02c-d0b520f33b35 // CNNVD: CNNVD-201905-931

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004815

PATCH

title:	SEVD-2019-134-05	url:	https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/	Trust: 0.8
title:	Modicon M580/M340/Premium/Quantum exception check for patches for improper vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/162447	Trust: 0.6
title:	Multiple Schneider Electric Product code issue vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92897	Trust: 0.6

sources: CNVD: CNVD-2019-15937 // JVNDB: JVNDB-2019-004815 // CNNVD: CNNVD-201905-931

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6819	Trust: 3.6
db:	BID	id:	109004	Trust: 2.0
db:	SCHNEIDER	id:	SEVD-2019-134-05	Trust: 1.7
db:	ICS CERT	id:	ICSA-19-183-01	Trust: 1.7
db:	CNNVD	id:	CNNVD-201905-931	Trust: 0.9
db:	CNVD	id:	CNVD-2019-15937	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-004815	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.2424	Trust: 0.6
db:	IVD	id:	87DC0327-D573-496F-A02C-D0B520F33B35	Trust: 0.2
db:	VULHUB	id:	VHN-158254	Trust: 0.1

sources: IVD: 87dc0327-d573-496f-a02c-d0b520f33b35 // CNVD: CNVD-2019-15937 // VULHUB: VHN-158254 // BID: 109004 // JVNDB: JVNDB-2019-004815 // CNNVD: CNNVD-201905-931 // NVD: CVE-2019-6819

REFERENCES

url:	http://www.securityfocus.com/bid/109004	Trust: 1.7
url:	https://www.schneider-electric.com/en/download/document/sevd-2019-134-05/	Trust: 1.7
url:	https://www.us-cert.gov/ics/advisories/icsa-19-183-01	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6819	Trust: 1.4
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6819	Trust: 0.8
url:	https://web.nvd.nist.gov//vuln/detail/cve-2019-6819	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2424/	Trust: 0.6

sources: CNVD: CNVD-2019-15937 // VULHUB: VHN-158254 // BID: 109004 // JVNDB: JVNDB-2019-004815 // CNNVD: CNNVD-201905-931 // NVD: CVE-2019-6819

CREDITS

Zhang Xiaoming, Sun Zhonghao and Luo bing of CNCERT/CC., Zhang Jiawei

Trust: 0.6

sources: CNNVD: CNNVD-201905-931

SOURCES

db:	IVD	id:	87dc0327-d573-496f-a02c-d0b520f33b35
db:	CNVD	id:	CNVD-2019-15937
db:	VULHUB	id:	VHN-158254
db:	BID	id:	109004
db:	JVNDB	id:	JVNDB-2019-004815
db:	CNNVD	id:	CNNVD-201905-931
db:	NVD	id:	CVE-2019-6819

LAST UPDATE DATE

2024-11-23T21:59:58.807000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-15937	date:	2019-05-30T00:00:00
db:	VULHUB	id:	VHN-158254	date:	2019-07-03T00:00:00
db:	BID	id:	109004	date:	2019-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-004815	date:	2019-07-03T00:00:00
db:	CNNVD	id:	CNNVD-201905-931	date:	2019-07-04T00:00:00
db:	NVD	id:	CVE-2019-6819	date:	2024-11-21T04:47:12.980

SOURCES RELEASE DATE

db:	IVD	id:	87dc0327-d573-496f-a02c-d0b520f33b35	date:	2019-05-30T00:00:00
db:	CNVD	id:	CNVD-2019-15937	date:	2019-05-30T00:00:00
db:	VULHUB	id:	VHN-158254	date:	2019-05-22T00:00:00
db:	BID	id:	109004	date:	2019-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-004815	date:	2019-06-10T00:00:00
db:	CNNVD	id:	CNNVD-201905-931	date:	2019-05-22T00:00:00
db:	NVD	id:	CVE-2019-6819	date:	2019-05-22T20:29:02.090