Details of VAR-202001-0449

ID

VAR-202001-0449

CVE

CVE-2019-6856

TITLE

plural Modicon Vulnerability in checking exceptional conditions in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-014057

DESCRIPTION

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP. plural Modicon The product contains an exceptional condition checking vulnerability.Denial of service (DoS) May be in a state. Schneider Electric Modicon M580 and other products are from Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Several Schneider Electric products have code issue vulnerabilities that originate from programs that do not properly check for abnormal conditions. An attacker could use this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2019-6856 // JVNDB: JVNDB-2019-014057 // CNVD: CNVD-2020-02578

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-02578

AFFECTED PRODUCTS

vendor:	schneider electric	model:	tsxp573634m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	tsxp57554m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	140cpu65150	scope:	lt	version:	3.52	Trust: 1.0
vendor:	schneider electric	model:	tsxp57204m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	tsxp57454m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	tsxp57304m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	tsxp572634m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	140cpu65260	scope:	lt	version:	3.52	Trust: 1.0
vendor:	schneider electric	model:	140cpu67160	scope:	lt	version:	3.52	Trust: 1.0
vendor:	schneider electric	model:	tsxp57354m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	140cpu67861	scope:	lt	version:	3.52	Trust: 1.0
vendor:	schneider electric	model:	140cpu67060	scope:	lt	version:	3.52	Trust: 1.0
vendor:	schneider electric	model:	140cpu67160s	scope:	lt	version:	3.52	Trust: 1.0
vendor:	schneider electric	model:	tsxp576634m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	tsxh5724m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	tsxp571634m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	modicon m340	scope:	lt	version:	3.01	Trust: 1.0
vendor:	schneider electric	model:	tsxp57104m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	tsxp574634m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	140cpu65860	scope:	lt	version:	3.52	Trust: 1.0
vendor:	schneider electric	model:	140cpu67261	scope:	lt	version:	3.52	Trust: 1.0
vendor:	schneider electric	model:	modicon m580	scope:	lt	version:	2.80	Trust: 1.0
vendor:	schneider electric	model:	tsxh5744m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	140cpu65160s	scope:	lt	version:	3.52	Trust: 1.0
vendor:	schneider electric	model:	tsxp57154m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	140cpu65160	scope:	lt	version:	3.52	Trust: 1.0
vendor:	schneider electric	model:	140cpu67260	scope:	lt	version:	3.52	Trust: 1.0
vendor:	schneider electric	model:	tsxp57254m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	tsxp575634m	scope:	lt	version:	3.20	Trust: 1.0
vendor:	schneider electric	model:	modicon m340	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	modicon m580	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	tsxh5724m	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	tsxh5744m	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	tsxp57354m	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	tsxp57454m	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	tsxp574634m	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	tsxp57554m	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	tsxp575634m	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	tsxp576634m	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric modicon m340	scope:	lt	version:	3.01	Trust: 0.6
vendor:	schneider	model:	electric modicon m580	scope:	lt	version:	2.80	Trust: 0.6
vendor:	schneider	model:	electric modicon premium	scope:	lt	version:	3.20	Trust: 0.6
vendor:	schneider	model:	electric modicon quantum	scope:	lt	version:	3.52	Trust: 0.6

sources: CNVD: CNVD-2020-02578 // JVNDB: JVNDB-2019-014057 // NVD: CVE-2019-6856

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6856
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-6856
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-02578
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-834
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-6856
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-02578
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-6856
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6856
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-02578 // JVNDB: JVNDB-2019-014057 // CNNVD: CNNVD-201912-834 // NVD: CVE-2019-6856

PROBLEMTYPE DATA

problemtype:

CWE-754

Trust: 1.8

sources: JVNDB: JVNDB-2019-014057 // NVD: CVE-2019-6856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-834

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201912-834

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014057

PATCH

title:	SEVD-2019-344-01	url:	https://www.se.com/ww/en/download/document/SEVD-2019-344-01/	Trust: 0.8
title:	Patch for Multiple Schneider Electric Product Code Issue Vulnerabilities (CNVD-2020-02578)	url:	https://www.cnvd.org.cn/patchInfo/show/197257	Trust: 0.6
title:	Multiple Schneider Electric Product code issue vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106371	Trust: 0.6

sources: CNVD: CNVD-2020-02578 // JVNDB: JVNDB-2019-014057 // CNNVD: CNNVD-201912-834

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6856	Trust: 3.0
db:	ICS CERT	id:	ICSA-20-016-01	Trust: 2.4
db:	SCHNEIDER	id:	SEVD-2019-344-01	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-014057	Trust: 0.8
db:	CNVD	id:	CNVD-2020-02578	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0189	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-834	Trust: 0.6

sources: CNVD: CNVD-2020-02578 // JVNDB: JVNDB-2019-014057 // CNNVD: CNNVD-201912-834 // NVD: CVE-2019-6856

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-016-01	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6856	Trust: 2.0
url:	https://www.se.com/ww/en/download/document/sevd-2019-344-01	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6856	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18615	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0189/	Trust: 0.6
url:	https://www.se.com/ww/en/download/document/sevd-2019-344-01/	Trust: 0.6

sources: CNVD: CNVD-2020-02578 // JVNDB: JVNDB-2019-014057 // CNNVD: CNNVD-201912-834 // NVD: CVE-2019-6856

CREDITS

Chansim Deng

Trust: 0.6

sources: CNNVD: CNNVD-201912-834

SOURCES

db:	CNVD	id:	CNVD-2020-02578
db:	JVNDB	id:	JVNDB-2019-014057
db:	CNNVD	id:	CNNVD-201912-834
db:	NVD	id:	CVE-2019-6856

LAST UPDATE DATE

2024-11-23T21:36:14.626000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-02578	date:	2020-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-014057	date:	2020-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201912-834	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2019-6856	date:	2024-11-21T04:47:17.430

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-02578	date:	2020-01-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-014057	date:	2020-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201912-834	date:	2019-12-10T00:00:00
db:	NVD	id:	CVE-2019-6856	date:	2020-01-06T23:15:11.317