Vulnerability Details CVE-2019-6844
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.6%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
Products affected by CVE-2019-6844
-
cpe:2.3:h:schneider-electric:modicon_140cra:-
-
cpe:2.3:h:schneider-electric:modicon_bmxcra:-
-
cpe:2.3:h:schneider-electric:modicon_m340:-
-
cpe:2.3:h:schneider-electric:modicon_m580:-
-
cpe:2.3:o:schneider-electric:modicon_140cra_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_bmxcra_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_firmware:3.01
-
cpe:2.3:o:schneider-electric:modicon_m340_firmware:3.10
-
cpe:2.3:o:schneider-electric:modicon_m340_firmware:3.20
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.10
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.12
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.30
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.41
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.80
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:2.90
-
cpe:2.3:o:schneider-electric:modicon_m580_firmware:3.10