Vulnerability Details CVE-2019-6828
A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
Products affected by CVE-2019-6828
-
cpe:2.3:h:schneider-electric:modicon_m340:-
-
cpe:2.3:h:schneider-electric:modicon_m580:-
-
cpe:2.3:h:schneider-electric:modicon_premium:-
-
cpe:2.3:h:schneider-electric:modicon_quantum:-
-
cpe:2.3:o:schneider-electric:modicon_m340_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_firmware:3.01
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.10
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.12
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.30
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.41
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.80
-
cpe:2.3:o:schneider-electric:modicon_premium_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_premium_firmware:3.20
-
cpe:2.3:o:schneider-electric:modicon_quantum_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_quantum_firmware:2.40
-
cpe:2.3:o:schneider-electric:modicon_quantum_firmware:3.60