ID

VAR-202001-0450


CVE

CVE-2019-6857


TITLE

Improper check for exceptional conditions vulnerability in multiple Modicon products

Trust: 0.8

sources: JVNDB: JVNDB-2019-014052

DESCRIPTION

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP. Multiple Modicon products contain an improper check for exceptional conditions vulnerability, which may result in a denial-of-service (DoS) condition. Schneider Electric Modicon M580 and other products are from Schneider Electric (France). Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon Premium is a large programmable logic controller (PLC) for discrete or process applications. Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Several Schneider Electric products have code issue vulnerabilities that originate from programs that do not properly check for abnormal conditions. An attacker could use this vulnerability to cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2019-6857 // JVNDB: JVNDB-2019-014052 // CNVD: CNVD-2020-02577

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-02577

AFFECTED PRODUCTS

vendor: schneider electric, model: tsxp573634m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: 140cpu65150, scope: lt, version: 3.60

Trust: 1.0

vendor: schneider electric, model: tsxp57554m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: tsxp57204m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: tsxp57454m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: tsxp57304m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: tsxp572634m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: 140cpu67160, scope: lt, version: 3.60

Trust: 1.0

vendor: schneider electric, model: tsxp57354m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: 140cpu65260, scope: lt, version: 3.60

Trust: 1.0

vendor: schneider electric, model: 140cpu67861, scope: lt, version: 3.60

Trust: 1.0

vendor: schneider electric, model: 140cpu67160s, scope: lt, version: 3.60

Trust: 1.0

vendor: schneider electric, model: 140cpu67060, scope: lt, version: 3.60

Trust: 1.0

vendor: schneider electric, model: tsxp576634m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: tsxh5724m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: tsxp571634m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: modicon m340, scope: lt, version: 3.01

Trust: 1.0

vendor: schneider electric, model: tsxp57104m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: tsxp574634m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: modicon m580, scope: lt, version: 2.80

Trust: 1.0

vendor: schneider electric, model: tsxh5744m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: 140cpu65860, scope: lt, version: 3.60

Trust: 1.0

vendor: schneider electric, model: 140cpu67261, scope: lt, version: 3.60

Trust: 1.0

vendor: schneider electric, model: 140cpu65160s, scope: lt, version: 3.60

Trust: 1.0

vendor: schneider electric, model: tsxp57154m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: 140cpu65160, scope: lt, version: 3.60

Trust: 1.0

vendor: schneider electric, model: 140cpu67260, scope: lt, version: 3.60

Trust: 1.0

vendor: schneider electric, model: tsxp57254m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: tsxp575634m, scope: lt, version: 3.20

Trust: 1.0

vendor: schneider electric, model: modicon m340, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: modicon m580, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: tsxh5724m, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: tsxh5744m, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: tsxp57354m, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: tsxp57454m, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: tsxp574634m, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: tsxp57554m, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: tsxp575634m, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: tsxp576634m, scope: -, version: -

Trust: 0.8

vendor: schneider, model: electric modicon m340, scope: lt, version: 3.01

Trust: 0.6

vendor: schneider, model: electric modicon m580, scope: lt, version: 2.80

Trust: 0.6

vendor: schneider, model: electric modicon premium, scope: lt, version: 3.20

Trust: 0.6

vendor: schneider, model: electric modicon quantum, scope: lt, version: 3.60

Trust: 0.6

sources: CNVD: CNVD-2020-02577 // JVNDB: JVNDB-2019-014052 // NVD: CVE-2019-6857

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6857
value: HIGH

Trust: 1.0

NVD: CVE-2019-6857
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-02577
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-835
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-6857
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02577
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-6857
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-6857
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-02577 // JVNDB: JVNDB-2019-014052 // CNNVD: CNNVD-201912-835 // NVD: CVE-2019-6857

PROBLEMTYPE DATA

problemtype:CWE-754

Trust: 1.8

sources: JVNDB: JVNDB-2019-014052 // NVD: CVE-2019-6857

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-835

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201912-835

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014052

PATCH

title: SEVD-2019-344-01, url: https://www.se.com/ww/en/download/document/SEVD-2019-344-01/

Trust: 0.8

title: Patch for Multiple Schneider Electric Product Code Issue Vulnerabilities (CNVD-2020-02577), url: https://www.cnvd.org.cn/patchInfo/show/197253

Trust: 0.6

title: Multiple Schneider Electric Product code issue vulnerability fixes, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106543

Trust: 0.6

sources: CNVD: CNVD-2020-02577 // JVNDB: JVNDB-2019-014052 // CNNVD: CNNVD-201912-835

EXTERNAL IDS

db: NVD, id: CVE-2019-6857

Trust: 3.0

db: ICS CERT, id: ICSA-20-016-01

Trust: 2.4

db: SCHNEIDER, id: SEVD-2019-344-01

Trust: 1.6

db: JVNDB, id: JVNDB-2019-014052

Trust: 0.8

db: CNVD, id: CNVD-2020-02577

Trust: 0.6

db: AUSCERT, id: ESB-2020.0189

Trust: 0.6

db: CNNVD, id: CNNVD-201912-835

Trust: 0.6

sources: CNVD: CNVD-2020-02577 // JVNDB: JVNDB-2019-014052 // CNNVD: CNNVD-201912-835 // NVD: CVE-2019-6857

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-016-01

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-6857

Trust: 2.0

url:https://www.se.com/ww/en/download/document/sevd-2019-344-01

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6857

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18615

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0189/

Trust: 0.6

url:https://www.se.com/ww/en/download/document/sevd-2019-344-01/

Trust: 0.6

sources: CNVD: CNVD-2020-02577 // JVNDB: JVNDB-2019-014052 // CNNVD: CNNVD-201912-835 // NVD: CVE-2019-6857

CREDITS

Mengmeng Young, Gideon Guo

Trust: 0.6

sources: CNNVD: CNNVD-201912-835

SOURCES

db: CNVD, id: CNVD-2020-02577
db: JVNDB, id: JVNDB-2019-014052
db: CNNVD, id: CNNVD-201912-835
db: NVD, id: CVE-2019-6857

LAST UPDATE DATE

2024-11-23T21:36:14.570000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-02577, date: 2020-01-17T00:00:00
db: JVNDB, id: JVNDB-2019-014052, date: 2020-01-27T00:00:00
db: CNNVD, id: CNNVD-201912-835, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2019-6857, date: 2024-11-21T04:47:17.580

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-02577, date: 2020-01-16T00:00:00
db: JVNDB, id: JVNDB-2019-014052, date: 2020-01-27T00:00:00
db: CNNVD, id: CNNVD-201912-835, date: 2019-12-10T00:00:00
db: NVD, id: CVE-2019-6857, date: 2020-01-06T23:15:11.377