Sign-up

ID

VAR-201909-0042


CVE

CVE-2019-6813


TITLE

BMXNOR0200H Ethernet / Serial RTU module and Modicon M340 controller Vulnerabilities related to exceptional state checking

Trust: 0.8

sources: JVNDB: JVNDB-2019-009446

DESCRIPTION

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device. BMXNOR0200H Ethernet / Serial RTU module and Modicon M340 controller Contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M340 and BMXNOR0200H Ethernet/Serial RTU module are products of Schneider Electric (France). Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure. BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module and Modicon M340 controller have code issue vulnerabilities. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. There is currently no detailed vulnerability details provided

Trust: 2.25

sources: NVD: CVE-2019-6813 // JVNDB: JVNDB-2019-009446 // CNVD: CNVD-2020-25045 // VULHUB: VHN-158248

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-25045

AFFECTED PRODUCTS

vendor:schneider electricmodel:bmxnor0200hscope:eqversion: -

Trust: 1.0

vendor:schneider electricmodel:modicon m340scope:eqversion:*

Trust: 1.0

vendor:schneider electricmodel:bmxnor0200hscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:modicon m340scope: - version: -

Trust: 0.8

vendor:schneidermodel:electric schneider electric bmxnor0200h ethernet/serial rtu modulescope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-25045 // JVNDB: JVNDB-2019-009446 // NVD: CVE-2019-6813

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6813
value: HIGH

Trust: 1.0

NVD: CVE-2019-6813
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-25045
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-819
value: HIGH

Trust: 0.6

VULHUB: VHN-158248
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-6813
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-25045
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-158248
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6813
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-6813
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-25045 // VULHUB: VHN-158248 // JVNDB: JVNDB-2019-009446 // CNNVD: CNNVD-201909-819 // NVD: CVE-2019-6813

PROBLEMTYPE DATA

problemtype:CWE-754

Trust: 1.9

sources: VULHUB: VHN-158248 // JVNDB: JVNDB-2019-009446 // NVD: CVE-2019-6813

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-819

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201909-819

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-009446

PATCH
title:SEVD-2019-225-02url:https://www.schneider-electric.com/en/download/document/SEVD-2019-225-02/
Trust: 0.8
title:SEVD-2019-225-03url:https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-009446

EXTERNAL IDS
db:NVDid:CVE-2019-6813
Trust: 3.1
db:SCHNEIDERid:SEVD-2019-225-03
Trust: 2.3
db:SCHNEIDERid:SEVD-2019-225-02
Trust: 1.7
db:JVNDBid:JVNDB-2019-009446
Trust: 0.8
db:CNVDid:CNVD-2020-25045
Trust: 0.6
db:ICS CERTid:ICSA-20-044-01
Trust: 0.6
db:AUSCERTid:ESB-2020.0526
Trust: 0.6
db:CNNVDid:CNNVD-201909-819
Trust: 0.6
db:VULHUBid:VHN-158248
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-25045 // 
            
            
            
            VULHUB: VHN-158248 // 
            
            
            
            JVNDB: JVNDB-2019-009446 // 
            
            
            
            CNNVD: CNNVD-201909-819 // 
            
            
            
            NVD: CVE-2019-6813

REFERENCES
url:https://www.schneider-electric.com/en/download/document/sevd-2019-225-03/
Trust: 2.3
url:https://www.schneider-electric.com/en/download/document/sevd-2019-225-02/
Trust: 1.7
url:https://security.cse.iitk.ac.in/responsible-disclosure
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-6813
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6813
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-20-044-01
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.0526/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-25045 // 
            
            
            
            VULHUB: VHN-158248 // 
            
            
            
            JVNDB: JVNDB-2019-009446 // 
            
            
            
            CNNVD: CNNVD-201909-819 // 
            
            
            
            NVD: CVE-2019-6813

SOURCES
db:CNVDid:CNVD-2020-25045
db:VULHUBid:VHN-158248
db:JVNDBid:JVNDB-2019-009446
db:CNNVDid:CNNVD-201909-819
db:NVDid:CVE-2019-6813

LAST UPDATE DATE
2024-11-23T22:06:01.633000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-25045date:2020-04-26T00:00:00
db:VULHUBid:VHN-158248date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-009446date:2019-09-20T00:00:00
db:CNNVDid:CNNVD-201909-819date:2022-03-10T00:00:00
db:NVDid:CVE-2019-6813date:2024-11-21T04:47:12.570

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-25045date:2019-09-26T00:00:00
db:VULHUBid:VHN-158248date:2019-09-17T00:00:00
db:JVNDBid:JVNDB-2019-009446date:2019-09-20T00:00:00
db:CNNVDid:CNNVD-201909-819date:2019-09-17T00:00:00
db:NVDid:CVE-2019-6813date:2019-09-17T20:15:12