Vulnerability Details CVE-2019-6821
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 6.4
References
- http://www.securityfocus.com/bid/108366
- https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/
- http://www.securityfocus.com/bid/108366
- https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/
Products affected by CVE-2019-6821
-
cpe:2.3:h:schneider-electric:modicon_m340:-
-
cpe:2.3:h:schneider-electric:modicon_m580:-
-
cpe:2.3:h:schneider-electric:modicon_premium:-
-
cpe:2.3:h:schneider-electric:modicon_quantum:-
-
cpe:2.3:o:schneider-electric:modicon_m340_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_firmware:3.01
-
cpe:2.3:o:schneider-electric:modicon_m340_firmware:3.10
-
cpe:2.3:o:schneider-electric:modicon_m340_firmware:3.20
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.10
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.12
-
cpe:2.3:o:schneider-electric:modicon_premium_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_premium_firmware:3.20
-
cpe:2.3:o:schneider-electric:modicon_quantum_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_quantum_firmware:2.40
-
cpe:2.3:o:schneider-electric:modicon_quantum_firmware:3.60