Details of VAR-201905-0037

ID

VAR-201905-0037

CVE

CVE-2019-6821

TITLE

plural Modicon Vulnerabilities related to insufficient random values in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004760

DESCRIPTION

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum. plural Modicon The product contains a vulnerability related to the use of insufficient random values.Information may be obtained. Schneider Electric Modicon M580 and others are products of Schneider Electric, France. The Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. There are insufficient random value exploits in Modicon M580/M340/Premium/Quantum. An attacker could exploit this vulnerability to implement TCP connection hijacking when using Ethernet communications. An attacker can exploit this issue to bypass certain security restrictions, obtain sensitive information and perform unauthorized actions; this may aid in launching further attacks. The following Schneider Electric Modicon products are vulnerable: Modicon M580 versions prior to 2.30 Modicon M340 Modicon Premium Modicon Quantum. This vulnerability is due to the lack of security measures such as authentication, access control, and rights management in network systems or products

Trust: 2.7

sources: NVD: CVE-2019-6821 // JVNDB: JVNDB-2019-004760 // CNVD: CNVD-2019-15888 // BID: 108366 // IVD: 264dd250-479d-4b77-9e34-bb3459e250d0 // VULHUB: VHN-158256

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 264dd250-479d-4b77-9e34-bb3459e250d0 // CNVD: CNVD-2019-15888

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon m580	scope:	lt	version:	2.30	Trust: 1.8
vendor:	schneider electric	model:	modicon quantum	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon premium	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon m340	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	modicon m340	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon premium plc	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon quantum plc	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric modicon m340	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon quantum	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon premium	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon m580	scope:	lt	version:	v2.30	Trust: 0.6
vendor:	schneider electric	model:	modicon quantum	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	modicon premium	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	modicon m580	scope:	eq	version:	2.20	Trust: 0.3
vendor:	schneider electric	model:	modicon m340	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	modicon m580	scope:	ne	version:	2.80	Trust: 0.3
vendor:	schneider electric	model:	modicon m580	scope:	ne	version:	2.30	Trust: 0.3
vendor:	modicon m580	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	modicon m340	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	modicon quantum	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	modicon premium	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 264dd250-479d-4b77-9e34-bb3459e250d0 // CNVD: CNVD-2019-15888 // BID: 108366 // JVNDB: JVNDB-2019-004760 // NVD: CVE-2019-6821

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6821
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-6821
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-15888
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-798
value:	MEDIUM
Trust: 0.6
IVD:	264dd250-479d-4b77-9e34-bb3459e250d0
value:	HIGH
Trust: 0.2
VULHUB:	VHN-158256
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6821
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2019-6821
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2019-15888
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	264dd250-479d-4b77-9e34-bb3459e250d0
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-158256
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6821
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6821
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 264dd250-479d-4b77-9e34-bb3459e250d0 // CNVD: CNVD-2019-15888 // VULHUB: VHN-158256 // JVNDB: JVNDB-2019-004760 // CNNVD: CNNVD-201905-798 // NVD: CVE-2019-6821

PROBLEMTYPE DATA

problemtype:

CWE-330

Trust: 1.9

sources: VULHUB: VHN-158256 // JVNDB: JVNDB-2019-004760 // NVD: CVE-2019-6821

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-798

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-798

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004760

PATCH

title:	SEVD-2019-134-03	url:	https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/	Trust: 0.8
title:	Modicon M580/M340/Premium/Quantum patch with insufficient random value exploits	url:	https://www.cnvd.org.cn/patchInfo/show/162385	Trust: 0.6

sources: CNVD: CNVD-2019-15888 // JVNDB: JVNDB-2019-004760

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6821	Trust: 3.6
db:	ICS CERT	id:	ICSA-19-136-01	Trust: 2.8
db:	SCHNEIDER	id:	SEVD-2019-134-03	Trust: 2.0
db:	BID	id:	108366	Trust: 2.0
db:	CNNVD	id:	CNNVD-201905-798	Trust: 0.9
db:	CNVD	id:	CNVD-2019-15888	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-004760	Trust: 0.8
db:	IVD	id:	264DD250-479D-4B77-9E34-BB3459E250D0	Trust: 0.2
db:	VULHUB	id:	VHN-158256	Trust: 0.1

sources: IVD: 264dd250-479d-4b77-9e34-bb3459e250d0 // CNVD: CNVD-2019-15888 // VULHUB: VHN-158256 // BID: 108366 // JVNDB: JVNDB-2019-004760 // CNNVD: CNNVD-201905-798 // NVD: CVE-2019-6821

REFERENCES

url:	http://www.securityfocus.com/bid/108366	Trust: 2.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-136-01	Trust: 2.0
url:	https://www.schneider-electric.com/en/download/document/sevd-2019-134-03/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6821	Trust: 1.4
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.9
url:	https://download.schneider-electric.com/files?p_endoctype=technical+leaflet&p_file_name=sevd-2019-134-03+-+modicon+controller.pdf&p_doc_ref=sevd-2019-134-03	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6821	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-19-136-01	Trust: 0.8
url:	https://web.nvd.nist.gov//vuln/detail/cve-2019-6821	Trust: 0.6

sources: CNVD: CNVD-2019-15888 // VULHUB: VHN-158256 // BID: 108366 // JVNDB: JVNDB-2019-004760 // CNNVD: CNNVD-201905-798 // NVD: CVE-2019-6821

CREDITS

David Formby & Raheem Beyah of Fortiphyd Logic and Georgia Tech.

Trust: 0.9

sources: BID: 108366 // CNNVD: CNNVD-201905-798

SOURCES

db:	IVD	id:	264dd250-479d-4b77-9e34-bb3459e250d0
db:	CNVD	id:	CNVD-2019-15888
db:	VULHUB	id:	VHN-158256
db:	BID	id:	108366
db:	JVNDB	id:	JVNDB-2019-004760
db:	CNNVD	id:	CNNVD-201905-798
db:	NVD	id:	CVE-2019-6821

LAST UPDATE DATE

2024-11-23T22:33:56.183000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-15888	date:	2019-05-30T00:00:00
db:	VULHUB	id:	VHN-158256	date:	2019-06-17T00:00:00
db:	BID	id:	108366	date:	2019-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-004760	date:	2019-07-11T00:00:00
db:	CNNVD	id:	CNNVD-201905-798	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2019-6821	date:	2024-11-21T04:47:13.233

SOURCES RELEASE DATE

db:	IVD	id:	264dd250-479d-4b77-9e34-bb3459e250d0	date:	2019-05-30T00:00:00
db:	CNVD	id:	CNVD-2019-15888	date:	2019-05-30T00:00:00
db:	VULHUB	id:	VHN-158256	date:	2019-05-22T00:00:00
db:	BID	id:	108366	date:	2019-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-004760	date:	2019-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201905-798	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2019-6821	date:	2019-05-22T20:29:02.183