Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-6829 (GCVE-0-2019-6829)
Vulnerability from cvelistv5
- CWE-248 - A Uncaught Exception
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
Schneider Electric SE | Modicon M580 |
Version: firmware version prior to V2.90 |
|||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:31:04.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580", "vendor": "Schneider Electric SE", "versions": [ { "status": "affected", "version": "firmware version prior to V2.90" } ] }, { "product": "Modicon M340", "vendor": "Schneider Electric SE", "versions": [ { "status": "affected", "version": "firmware version prior to V3.10" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-248", "description": "A CWE-248: Uncaught Exception", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-17T19:44:12", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6829", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580", "version": { "version_data": [ { "version_value": "firmware version prior to V2.90" } ] } }, { "product_name": "Modicon M340", "version": { "version_data": [ { "version_value": "firmware version prior to V3.10" } ] } } ] }, "vendor_name": "Schneider Electric SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A CWE-248: Uncaught Exception" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2019-6829", "datePublished": "2019-09-17T19:44:12", "dateReserved": "2019-01-25T00:00:00", "dateUpdated": "2024-08-04T20:31:04.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-6829\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2019-09-17T20:15:12.203\",\"lastModified\":\"2024-11-21T04:47:14.157\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.\"},{\"lang\":\"es\",\"value\":\"Una CWE-248: Se presenta una vulnerabilidad de Excepci\u00f3n No Capturada en Modicon M580 (versi\u00f3n de firmware anterior a V2.90) y Modicon M340 (versi\u00f3n de firmware anterior a V3.10), lo que podr\u00eda causar una posible denegaci\u00f3n de servicio durante la escritura en direcciones espec\u00edficas de memoria en el controlador sobre protocolo Modbus.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-248\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.90\",\"matchCriteriaId\":\"B9C5B0D1-D3A4-468A-807E-6BB3F98CC116\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E876C738-ABF6-4864-98A6-1E06E96A0DF4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.10\",\"matchCriteriaId\":\"3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"138681A2-0146-492B-8E10-06849FC27C6E\"}]}]}],\"references\":[{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
cnvd-2019-38870
Vulnerability from cnvd
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
Name | ['Schneider Electric modicon m580 firmware <V2.90', 'Schneider Electric modicon m340 firmware <V3.10'] |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2019-6829", "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-6829" } }, "description": "Schneider Electric Modicon M580\u548cSchneider Electric Modicon M340\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Schneider Electric Modicon M580\u662f\u4e00\u6b3e\u53ef\u7f16\u7a0b\u81ea\u52a8\u5316\u63a7\u5236\u5668\u3002Schneider Electric Modicon M340\u662f\u4e00\u6b3e\u7528\u4e8e\u5de5\u4e1a\u8fc7\u7a0b\u548c\u57fa\u7840\u8bbe\u65bd\u7684\u4e2d\u7a0bPLC\uff08\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff09\u3002\n\n\u4f7f\u7528V2.90\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Schneider Electric Modicon M580\u548c\u4f7f\u7528V3.10\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Schneider Electric Modicon M340\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002", "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2019-38870", "openTime": "2019-11-01", "patchDescription": "Schneider Electric Modicon M580\u548cSchneider Electric Modicon M340\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Schneider Electric Modicon M580\u662f\u4e00\u6b3e\u53ef\u7f16\u7a0b\u81ea\u52a8\u5316\u63a7\u5236\u5668\u3002Schneider Electric Modicon M340\u662f\u4e00\u6b3e\u7528\u4e8e\u5de5\u4e1a\u8fc7\u7a0b\u548c\u57fa\u7840\u8bbe\u65bd\u7684\u4e2d\u7a0bPLC\uff08\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff09\u3002\r\n\r\n\u4f7f\u7528V2.90\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Schneider Electric Modicon M580\u548c\u4f7f\u7528V3.10\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Schneider Electric Modicon M340\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002", "patchName": "Schneider Electric Modicon M340\u548cModicon M580\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": [ "Schneider Electric modicon m580 firmware \u003cV2.90", "Schneider Electric modicon m340 firmware \u003cV3.10" ] }, "referenceLink": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "serverity": "\u9ad8", "submitTime": "2019-09-19", "title": "Schneider Electric Modicon M340\u548cModicon M580\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e" }
icsa-25-114-01
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "names": [ "Dong Yang" ], "organization": "Dingxiang Dongjian Security Lab", "summary": "reporting these vulnerabilities to Schneider Electric." }, { "names": [ "Gao Jian" ], "organization": "ns focus", "summary": "reporting these vulnerabilities to Schneider Electric." }, { "names": [ "Pavel Nesterov", "Artem Zinenko" ], "organization": "Kaspersky", "summary": "reporting these vulnerabilities to Schneider Electric." }, { "names": [ "Jared Rittle" ], "organization": "Cisco Talos", "summary": "reporting these vulnerabilities to Schneider Electric." } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "We strongly recommend the following industry cybersecurity best practices.\n\nhttps://www.se.com/us/en/download/document/7EN52-0390/\n* Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.\n* Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.\n* Place all controllers in locked cabinets and never leave them in the \u201cProgram\u201d mode.\n* Never connect programming software to any network other than the network intended for that device.\n* Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.\n* Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.\n* Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.\n* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.\nFor more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document. \n", "title": "General Security Recommendations" }, { "category": "general", "text": "This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process.\nFor further information related to cybersecurity in Schneider Electric\u2019s products, visit the company\u2019s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp", "title": "For More Information" }, { "category": "legal_disclaimer", "text": "THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS \u201cNOTIFICATION\u201d) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN \u201cAS-IS\u201d BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION", "title": "LEGAL DISCLAIMER" }, { "category": "general", "text": "Schneider\u2019s purpose is to create Impact by empowering all to make the most of our energy and resources, bridging progress and\r\nsustainability for all. We call this Life Is On.\n\nOur mission is to be the trusted partner in Sustainability and Efficiency.\n\nWe are a global industrial technology leader bringing world-leading expertise in electrification, automation and digitization to smart\r\nindustries, resilient infrastructure, future-proof data centers, intelligent buildings, and intuitive homes. Anchored by our deep\r\ndomain expertise, we provide integrated end-to-end lifecycle AI enabled Industrial IoT solutions with connected products, automation,\r\nsoftware and services, delivering digital twins to enable profitable growth for our customers.\n\nWe are a people company with an ecosystem of 150,000 colleagues and more than a million partners operating in over 100 countries\r\nto ensure proximity to our customers and stakeholders. We embrace diversity and inclusion in everything we do, guided by our\r\nmeaningful purpose of a sustainable future for all. \n\n www.se.com", "title": "About Schneider Electric" }, { "category": "summary", "text": "Schneider Electric is aware of multiple vulnerabilities in its Modicon Controller products.\nThe Modicon Programmable Automation controllers are used for complex networked communication, display and control applications\nFailure to apply the mitigations or remediations provided below may risk execution of unsolicited command on the PLC which could result in a loss of availability of the controller\nFebruary 2025 Update: Correction of vulnerabilities impacting Quantum Safety processor.", "title": "Overview" }, { "category": "details", "text": "BMEP584040\nhttps://www.se.com/ww/en/download/document/M580_BMEP584040_SV3.10/\nBMEH584040 and C\nhttps://www.se.com/ww/en/download/document/M580_BMEH584040_SV3.10/\nBMEP586040 and C\nhttps://www.se.com/ww/en/download/document/M580_BMEP586040_SV3.10/\nBMEH586040 and C\nhttps://www.se.com/ww/en/download/document/M580_BMEH586040_SV3.10/\nBMEP581020 and H\nhttps://www.se.com/ww/en/download/document/M580_BMEP581020_SV3.10/\nBMEP582020 and H\nhttps://www.se.com/ww/en/download/document/M580_BMEP582020_SV3.10/\nBMEP582040 and H\nhttps://www.se.com/ww/en/download/document/M580_BMEP582040_SV3.10/\nBMEP583020\nhttps://www.se.com/ww/en/download/document/M580_BMEP583020_SV3.10/\nBMEP583040\nhttps://www.se.com/ww/en/download/document/M580_BMEP583040_SV3.10/\nBMEP584020\nhttps://www.se.com/ww/en/download/document/M580_BMEP584020_SV3.10/\nBMEP585040 and C\nhttps://www.se.com/ww/en/download/document/M580_BMEP585040_SV3.10/\nBMEH582040 and C\nhttps://www.se.com/ww/en/download/document/M580_BMEH582040_SV3.10/\nBMEP584040S\nhttps://www.se.com/ww/en/download/document/M580_BMEP584040S_SV3.10/\nBMEH584040S\nhttps://www.se.com/ww/en/download/document/M580_BMEH584040S_SV3.10/\nBMEH586040S\nhttps://www.se.com/ww/en/download/document/M580_BMEH586040S_SV3.10/\nBMEP582040S\nhttps://www.se.com/ww/en/download/document/M580_BMEP582040S_SV3.10/", "title": "M580 V3.10 Firmware Download Links" }, { "category": "details", "text": "BMXP3420302 and CL and H\nhttps://www.schneider-electric.com/en/download/document/BMXP3420302_Firmwares/\nBMXP342020 and H\nhttps://www.schneider-electric.com/en/download/document/BMXP342020_Firmwares/\nBMXP342000\nhttps://www.schneider-electric.com/en/download/document/BMXP342000_Firmwares/\nBMXP341000 and H\nhttps://www.schneider-electric.com/en/download/document/BMXP341000_Firmwares/\nBMXP3420102 and CL\nhttps://www.schneider-electric.com/en/download/document/BMXP3420102_Firmwares/\nBMXP3420302\nhttps://www.schneider-electric.com/en/download/document/BMXP3420302_Firmwares/", "title": "M340 V3.30 Firmware Download Links" }, { "category": "details", "text": "BMKC8020301\nhttps://www.se.com/ww/en/product-range/62396-modicon-mc80/#software-and-firmware", "title": "MC80 v1.80 Firmware Download Links" }, { "category": "details", "text": "TSXP57104M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXP57154M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXP571634M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXP57204M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXP572634M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXP57254M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXP57304M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXP573634M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXP57354M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXP574634M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXP57454M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXP575634M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXP57554M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXP576634M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXH5724M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.\nTSXH5744M [C]\nPlease contact your Schneider Electric customer support to get Premium V3.20 firmware.", "title": "Premium V3.20 firmware Download Links" }, { "category": "details", "text": "140CPU65150 [C]\n140CPU65160 [C]\nhttps://www.schneider-electric.com/en/download/document/Quantum_140CPU651X0_SV3.60\n140CPU65260 [C]\nhttps://www.schneider-electric.com/en/download/document/Quantum_140CPU65260_SV3.60\n140CPU67261 [C]\nhttps://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60\n140CPU67060 [C]\nhttps://www.schneider-electric.com/en/download/document/Quantum_140CPU67060_SV3.60\n140CPU67160 [C]\nhttps://www.schneider-electric.com/en/download/document/Quantum_140CPU67160_SV3.60\n140CPU67261 [C]\nhttps://www.schneider-electric.com/en/download/document/Quantum_140CPU67261_SV3.60\n140CPU67260 [C]\nhttps://www.schneider-electric.com/en/download/document/Quantum_140CPU67260_SV3.60\n140CPU65860 [C]\nhttps://www.schneider-electric.com/en/download/document/Quantum_140CPU65860_SV3.60\n140CPU67861 [C]\nhttps://www.schneider-electric.com/en/download/document/Quantum_140CPU67861_SV3.60\n140CPU65160S\nPlease contact your Schneider Electric customer support to get Quantum V3.60 firmware\n140CPU67160S\nPlease contact your Schneider Electric customer support to get Quantum V3.60 firmware", "title": "Quantum V3.60 firmware" }, { "category": "details", "text": "PLC Simulator for EcoStruxure\u2122 Control Expert \nSchneider Electric has made a fix available via a free download.\nEcoStruxure\u2122 Control Expert v15.1\nhttps://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software\u0002and-firmware", "title": "PLC Simulator for EcoStruxure\u2122 Control Expert" }, { "category": "general", "text": "Ethernet Programmable Automation Controller for industrial process and infrastructure\nProduct Category - All Categories\nLearn more about Schneider Electric\u2019s product categories here: www.schneider-electric.us/en/all-products\nHow to determine if you are affected \nAffected products listed in this security notification connected to an Ethernet network.", "title": "Product Information" }, { "category": "details", "text": "171CBU98090\nhttps://www.se.com/ww/en/download/document/Momentum_FW_update/", "title": "Modicon Momentum CPU SV2.6 Firmware" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "other", "text": "This CISA CSAF advisory was converted from Schneider Electric CPCERT\u0027s CSAF advisory.", "title": "Advisory Conversion Disclaimer" }, { "category": "other", "text": "Commercial Facilities, Critical Manufacturing, Energy", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "France", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.", "title": "Recommended Practices" }, { "category": "general", "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", "title": "Recommended Practices" }, { "category": "general", "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", "title": "Recommended Practices" }, { "category": "general", "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" } ], "publisher": { "category": "other", "contact_details": "central@cisa.dhs.gov", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "Modicon Controllers - SEVD-2019-134-11_v7 CSAF Version", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2019-134-11.json" }, { "category": "self", "summary": "Modicon Controllers - SEVD-2019-134-11_v7 PDF Version", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-134-11_Modicon_Controllers_Security_Notification.pdf" }, { "category": "external", "summary": "Recommended Cybersecurity Best Practices", "url": "https://www.se.com/us/en/download/document/7EN52-0390/" }, { "category": "self", "summary": "ICS Advisory ICSA-25-114-01 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-114-01.json" }, { "category": "self", "summary": "ICS Advisory ICSA-25-114-01 - Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/topics/industrial-control-systems" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B" } ], "title": "Schneider Electric Modicon Controllers", "tracking": { "current_release_date": "2025-02-11T06:00:00.000000Z", "generator": { "date": "2025-04-24T21:48:43.329Z", "engine": { "name": "Secvisogram", "version": "2.5.24" } }, "id": "ICSA-25-114-01", "initial_release_date": "2019-05-14T08:31:22.000000Z", "revision_history": [ { "date": "2019-05-14T08:31:22.000000Z", "number": "1.0.0", "summary": "Original Release" }, { "date": "2019-07-09T08:31:22.000000Z", "number": "1.1.0", "summary": "Updated to include links to M580 V2.90 Firmware and Control Expert Hot Fix V14.0" }, { "date": "2019-07-12T08:31:22.000000Z", "number": "1.2.0", "summary": "Updated mitigations for CVE-2019-6808" }, { "date": "2019-07-24T08:31:22.000000Z", "number": "1.3.0", "summary": "Updated links to M580 V2.90 Firmware" }, { "date": "2019-08-13T08:31:22.000000Z", "number": "2.0.0", "summary": "Updated:\r\no CVE-2018-7846: added fix available for M340 V3.10\r\no CVE-2018-7849: added fix available for M340 V3.10\r\no CVE-2018-7848: added fix available for M340 V3.10\r\no CVE-2018-7842: added fix available for M340 V3.10\r\no CVE-2018-7847: added fix available for M340 V3.10\r\no CVE-2018-7850: added fix available for M340 V3.10\r\no CVE-2018-7854: added fix available for M340 V3.10\r\no CVE-2018-7852: modified to change M580 release which was erroneous (2.80 instead of 2.90)\r\no CVE-2018-7855: added fix available for M340 V3.10\r\no CVE-2019-6807: added fix available for M340 V3.10\r\no CVE-2019-6808: added fix available for M340 V3.10\r\no CVE-2018-7843: modified to change M340 release which was erroneous (3.01 instead of 3.10)\r\no CVE-2018-7856: added fix on M340 V3.10 (available earlier than expected)\r\nAdded 4 new CVEs:\r\no CVE-2019-6830\r\no CVE-2019-6828\r\no CVE-2019-6829\r\no CVE-2019-6809" }, { "date": "2019-12-10T08:31:22.000000Z", "number": "3.0.0", "summary": "Updated:\r\no CVE-2019-6806: Corrected remediation information for Modicon M340\r\no CVE-2018-7845: Fix for Premium \u0026 Quantum\r\no CVE-2018-7843: Fix for Premium \u0026 Quantum\r\no CVE-2019-6809: Fix for Premium \u0026 Quantum\r\no CVE-2019-6807: Fix for Premium \u0026 Quantum\r\no CVE-2018-7857: Fix for Premium \u0026 Quantum\r\no CVE-2018-7856: Fix for Premium \u0026 Quantum\r\no CVE-2018-7852: Fix for Premium \u0026 Quantum\r\no CVE-2019-6828: Fix for Premium \u0026 Quantum\r\no Update of download links for latest versions of M580 / M340 \u0026 Quantum, plus customer support information for Premium." }, { "date": "2020-05-12T08:31:22.000000Z", "number": "4.0.0", "summary": "Updated fix version information for CVE-2018-7857" }, { "date": "2020-08-11T08:31:22.000000Z", "number": "4.1.0", "summary": "Updated fix version information for CVE-2018-7857:\r\no Additional fixes available for M580 v3.10\r\no Quantum \u0026 Premium previous fix is not enough to correct the CVE and requires the additional mitigations proposed" }, { "date": "2020-10-12T08:31:22.000000Z", "number": "5.0.0", "summary": "Additional required remediation steps added for M580 and M340 applicable to the following CVEs:\r\n\u2022 CVE-2018-7846\r\n\u2022 CVE-2018-7849\r\n\u2022 CVE-2018-7843\r\n\u2022 CVE-2018-7848\r\n\u2022 CVE-2018-7842\r\n\u2022 CVE-2018-7847\r\n\u2022 CVE-2018-7850\r\n\u2022 CVE-2018-7845\r\n\u2022 CVE-2018-7852\r\n\u2022 CVE-2018-7853\r\n\u2022 CVE-2018-7854\r\n\u2022 CVE-2018-7855\r\n\u2022 CVE-2018-7856\r\n\u2022 CVE-2018-7857\r\n\u2022 CVE-2019-6807\r\n\u2022 CVE-2019-6808\r\n\u2022 CVE-2019-6830\r\n\u2022 CVE-2019-6828\r\n\u2022 CVE-2019-6829\r\n\u2022 CVE-2019-6809" }, { "date": "2020-12-08T08:31:22.000000Z", "number": "6.0.0", "summary": "A fix for additional attack scenario is available on M340 V3.30 for\r\nCVE-2018-7857" }, { "date": "2022-09-13T08:31:22.000000Z", "number": "7.0.0", "summary": "Modicon MC80 and PLC Simulator for EcoStruxure\u2122 Control Expert were added as impacted product of CVE-2018-7857 (page 7) and CVE-2019-6807 (page 8) and the remediation is provided on page 10." }, { "date": "2023-01-10T06:30:00.000000Z", "number": "8.0.0", "summary": "Modicon M340 and M580 latest firmware versions are affected by CVE-2018-7855 and additional mitigations were added in the mitigation section." }, { "date": "2023-03-14T06:30:00.000000Z", "number": "9.0.0", "summary": "A remediation is available for Modicon Momentum Unity M1E Processor part numbers 171CBU* for CVE-2018-7857 and CVE-2019-6807" }, { "date": "2024-02-13T00:00:00.000000Z", "number": "10.0.0", "summary": "A remediation is available for Modicon M340 and M580 for CVE-2018-7855. Updated products affected version numbers." }, { "date": "2024-07-09T00:00:00.000000Z", "number": "11.0.0", "summary": "Modicon MC80 and Momentum M1E PLCs were added as impacted products of CVE-2018-7855. Mitigations are available for Modicon MC80 and Momentum M1E PLCs for CVE-2018-7855." }, { "date": "2025-02-11T06:00:00.000000Z", "number": "12.0.0", "summary": "Correction of CVE list impacting Quantum Safety processor." } ], "status": "final", "version": "12.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c2.90", "product": { "name": "Schneider Electric Modicon M580 \u003c2.90", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "Modicon M580" }, { "branches": [ { "category": "product_version", "name": "3.10", "product": { "name": "Schneider Electric Modicon M580 3.10", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "Modicon M580" }, { "branches": [ { "category": "product_version_range", "name": "\u003c2.80", "product": { "name": "Schneider Electric Modicon M580 \u003c2.80", "product_id": "CSAFPID-0003" } } ], "category": "product_name", "name": "Modicon M580" }, { "branches": [ { "category": "product_version_range", "name": "\u003e2.80", "product": { "name": "Schneider Electric Modicon M580 \u003e2.80", "product_id": "CSAFPID-0004" } } ], "category": "product_name", "name": "Modicon M580" }, { "branches": [ { "category": "product_version_range", "name": "\u003c3.10", "product": { "name": "Schneider Electric Modicon M340 \u003c3.10", "product_id": "CSAFPID-0005" } } ], "category": "product_name", "name": "Modicon M340" }, { "branches": [ { "category": "product_version", "name": "3.20", "product": { "name": "Schneider Electric Modicon M340 3.20", "product_id": "CSAFPID-0006" } } ], "category": "product_name", "name": "Modicon M340" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Schneider Electric Modicon M340 all", "product_id": "CSAFPID-0007" } } ], "category": "product_name", "name": "Modicon M340" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Schneider Electric Modicon M580 all", "product_id": "CSAFPID-0008" } } ], "category": "product_name", "name": "Modicon M580" }, { "branches": [ { "category": "product_version_range", "name": "\u003c1.80", "product": { "name": "Schneider Electric Modicon MC80 BMKC80* \u003c1.80", "product_id": "CSAFPID-0009" } } ], "category": "product_name", "name": "Modicon MC80 BMKC80*" }, { "branches": [ { "category": "product_version", "name": "1.80", "product": { "name": "Schneider Electric Modicon MC80 BMKC80* 1.80", "product_id": "CSAFPID-0010" } } ], "category": "product_name", "name": "Modicon MC80 BMKC80*" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Schneider Electric Modicon Momentum CPU (part numbers 171CBU*) all versions", "product_id": "CSAFPID-0011" } } ], "category": "product_name", "name": "Modicon Momentum CPU (part numbers 171CBU*)" }, { "branches": [ { "category": "product_version_range", "name": "\u003c3.60", "product": { "name": "Schneider Electric Modicon Quantum \u003c3.60", "product_id": "CSAFPID-0012" } } ], "category": "product_name", "name": "Modicon Quantum" }, { "branches": [ { "category": "product_version", "name": "3.60", "product": { "name": "Schneider Electric Modicon Quantum 3.60", "product_id": "CSAFPID-0013" } } ], "category": "product_name", "name": "Modicon Quantum" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Schneider Electric Modicon Quantum all", "product_id": "CSAFPID-0014" } } ], "category": "product_name", "name": "Modicon Quantum" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Schneider Electric Modicon Premium all", "product_id": "CSAFPID-0015" } } ], "category": "product_name", "name": "Modicon Premium" }, { "branches": [ { "category": "product_version_range", "name": "\u003c3.60", "product": { "name": "Schneider Electric Modicon Premium \u003c3.60", "product_id": "CSAFPID-0016" } } ], "category": "product_name", "name": "Modicon Premium" }, { "branches": [ { "category": "product_version", "name": "3.60", "product": { "name": "Schneider Electric Modicon Premium 3.60", "product_id": "CSAFPID-0017" } } ], "category": "product_name", "name": "Modicon Premium" }, { "branches": [ { "category": "product_version_range", "name": "\u003c15.1", "product": { "name": "Schneider Electric PLC Simulator for EcoStruxure\u2122 Control Expert \u003c15.1", "product_id": "CSAFPID-0018" } } ], "category": "product_name", "name": "PLC Simulator for EcoStruxure\u2122 Control Expert" }, { "branches": [ { "category": "product_version", "name": "15.1", "product": { "name": "Schneider Electric PLC Simulator for EcoStruxure\u2122 Control Expert 15.1", "product_id": "CSAFPID-0019" } } ], "category": "product_name", "name": "PLC Simulator for EcoStruxure\u2122 Control Expert" }, { "branches": [ { "category": "product_version_range", "name": "\u003c3.20", "product": { "name": "Schneider Electric Modicon Premium \u003c3.20", "product_id": "CSAFPID-0020" } } ], "category": "product_name", "name": "Modicon Premium" }, { "branches": [ { "category": "product_version", "name": "3.20", "product": { "name": "Schneider Electric Modicon Premium 3.20", "product_id": "CSAFPID-0021" } } ], "category": "product_name", "name": "Modicon Premium" }, { "branches": [ { "category": "product_version_range", "name": "\u003cSV2.6", "product": { "name": "Schneider Electric Modicon Premium Modicon Momentum Unity M1E Processor (part numbers 171CBU*) \u003cSV2.6", "product_id": "CSAFPID-0022" } } ], "category": "product_name", "name": "Modicon Momentum Unity M1E Processor (part numbers 171CBU*)" }, { "branches": [ { "category": "product_version", "name": "SV2.6", "product": { "name": "Schneider Electric Modicon Premium Modicon Momentum Unity M1E Processor (part numbers 171CBU*) Modicon Momentum Unity M1E Processor (part numbers 171CBU*) SV2.6", "product_id": "CSAFPID-0023" } } ], "category": "product_name", "name": "Modicon Momentum Unity M1E Processor (part numbers 171CBU*)SV2.6" }, { "branches": [ { "category": "product_version_range", "name": "\u003csv4.20", "product": { "name": "Schneider Electric Modicon M580 versions prior to sv4.20", "product_id": "CSAFPID-0024" } } ], "category": "product_name", "name": "Modicon M580" }, { "branches": [ { "category": "product_version", "name": "sv4.20", "product": { "name": "Schneider Electric Modicon M580 versions prior to sv4.20", "product_id": "CSAFPID-0025" } } ], "category": "product_name", "name": "Modicon M580" }, { "branches": [ { "category": "product_version_range", "name": "\u003cSV3.60", "product": { "name": "Schneider Electric Modicon M340 versions prior to SV3.60", "product_id": "CSAFPID-0026" } } ], "category": "product_name", "name": "Modicon M340" }, { "branches": [ { "category": "product_version", "name": "SV3.60", "product": { "name": "Schneider Electric Modicon M340 SV3.60", "product_id": "CSAFPID-0027" } } ], "category": "product_name", "name": "Modicon M340" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Modicon MC80 all versions", "product_id": "CSAFPID-0028" } } ], "category": "product_name", "name": "Modicon MC80" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Modicon Momentum M1E all versions", "product_id": "CSAFPID-0029" } } ], "category": "product_name", "name": "Modicon Momentum M1E" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Modicon Quantum Safety all versions", "product_id": "CSAFPID-0030" } } ], "category": "product_name", "name": "Modicon Quantum Safety" } ], "category": "vendor", "name": "Schneider Electric" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Jared Rittle" ], "organization": "Cisco Talos" }, { "names": [ "Pavel Nesterov", "Artem Zinenko" ], "organization": "Kaspersky ICS CERT" } ], "cve": "CVE-2018-7846", "cwe": { "id": "CWE-501", "name": "Trust Boundary Violation" }, "notes": [ { "category": "description", "text": "A CWE-501: Trust Boundary Violation vulnerability on connection to the controller exists which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0002", "CSAFPID-0006" ], "known_affected": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0030" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links note.\r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\r\nSTEP 1: Update software and firmware.\r\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\r\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\r\nSTEP 2: Update projects in Ecostruxure Control Expert by:\r\n\u2022 Setting up an application password in the project properties\r\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\r\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\r\n\u2022 Rebuild all current projects\r\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0001" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "To mitigate the risks associated to Modbus weaknesses, users should immediately:\u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manuals: o \u201cMomentum for EcoStruxure\u2122 Control Expert - 171 CBU 78090, 171 CBU 98090, 171 CBU 98091 Processors\u201d manual in the chapter \u201cModbus Messaging and Access Control\u201d https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124\u2022Setup a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/\u2022Setup a VPN between the Modicon PLC controllers and the engineering workstation containing EcoStruxure Control Expert or Process Expert. Note: this functionality may be provided by an external IPSEC compatible firewall located close to the controller.", "product_ids": [ "CSAFPID-0011" ], "restart_required": { "category": "none" }, "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" }, { "category": "mitigation", "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. \n\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately: \n\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\n\u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0014", "CSAFPID-0030" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/download/document/33002467K01000/" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0030" ] } ], "title": "CVE-2018-7846" }, { "acknowledgments": [ { "names": [ "Jared Rittle" ], "organization": "Cisco Talos" }, { "names": [ "Pavel Nesterov", "Artem Zinenko" ], "organization": "Kaspersky ICS CERT" } ], "cve": "CVE-2018-7849", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-248: Uncaught Exceptionvulnerability exists which could cause a possible Denial of Service due to improper data integrity check when sending files to the controller over Modbus. ", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0002", "CSAFPID-0006" ], "known_affected": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0030" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links note.\r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\r\nSTEP 1: Update software and firmware.\r\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\r\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\r\nSTEP 2: Update projects in Ecostruxure Control Expert by:\r\n\u2022 Setting up an application password in the project properties\r\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\r\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\r\n\u2022 Rebuild all current projects\r\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0001" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network \nModules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0015" ], "restart_required": { "category": "none" }, "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" }, { "category": "mitigation", "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. \n\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately: \n\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\n\u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0014", "CSAFPID-0030" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/download/document/33002467K01000/" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0030" ] } ], "title": "CVE-2018-7849" }, { "acknowledgments": [ { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2018-7843", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-248: Uncaught Exceptionvulnerability exists which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0004", "CSAFPID-0006", "CSAFPID-0021", "CSAFPID-0013" ], "known_affected": [ "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0020", "CSAFPID-0012" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V2.80, refer to the Remediation Steps \u0026 Download Links note.\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\nSTEP 1: Update software and firmware.\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\nSTEP 2: Update projects in Ecostruxure Control Expert by:\n\u2022 Setting up an application password in the project properties\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\n\u2022 Rebuild all current projects\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0003" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0020" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Quantum controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d:https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0012" ], "restart_required": { "category": "none" } } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0020", "CSAFPID-0012" ] } ], "title": "CVE-2018-7843" }, { "acknowledgments": [ { "names": [ "Jared Rittle" ], "organization": "Cisco Talos" }, { "names": [ "Pavel Nesterov", "Artem Zinenko" ], "organization": "Kaspersky ICS CERT" } ], "cve": "CVE-2018-7848", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "description", "text": "CWE-200: Information Exposurevulnerability exists, which could cause the disclosure of SNMP information when reading files from the controller over Modbus. ", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0002", "CSAFPID-0006" ], "known_affected": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0015", "CSAFPID-0014", "CSAFPID-0030" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links note.\r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\r\nSTEP 1: Update software and firmware.\r\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\r\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\r\nSTEP 2: Update projects in Ecostruxure Control Expert by:\r\n\u2022 Setting up an application password in the project properties\r\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\r\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\r\n\u2022 Rebuild all current projects\r\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0001" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0015" ], "restart_required": { "category": "none" }, "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" }, { "category": "mitigation", "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. \n\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately: \n\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\n\u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0014", "CSAFPID-0030" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/download/document/33002467K01000/" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0015", "CSAFPID-0014", "CSAFPID-0030" ] } ], "title": "CVE-2018-7848" }, { "acknowledgments": [ { "names": [ "Jared Rittle" ], "organization": "Cisco Talos" }, { "names": [ "Pavel Nesterov", "Artem Zinenko" ], "organization": "Kaspersky ICS CERT" } ], "cve": "CVE-2018-7842", "cwe": { "id": "CWE-290", "name": "Authentication Bypass by Spoofing" }, "notes": [ { "category": "description", "text": "A CWE-290: Authentication Bypass by Spoofingvulnerability exists which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller. ", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0002", "CSAFPID-0006" ], "known_affected": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0030" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links note.\r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\r\nSTEP 1: Update software and firmware.\r\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\r\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\r\nSTEP 2: Update projects in Ecostruxure Control Expert by:\r\n\u2022 Setting up an application password in the project properties\r\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\r\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\r\n\u2022 Rebuild all current projects\r\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0001" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0015" ], "restart_required": { "category": "none" }, "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" }, { "category": "mitigation", "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. \n\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately: \n\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\n\u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0014", "CSAFPID-0030" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/download/document/33002467K01000/" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0030" ] } ], "title": "CVE-2018-7842" }, { "acknowledgments": [ { "names": [ "Jared Rittle" ], "organization": "Cisco Talos" }, { "names": [ "Pavel Nesterov", "Artem Zinenko" ], "organization": "Kaspersky ICS CERT" } ], "cve": "CVE-2018-7847", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "notes": [ { "category": "description", "text": "A CWE-284: Improper Access Control vulnerability exists which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0002", "CSAFPID-0006" ], "known_affected": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0030" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links note.\r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\r\nSTEP 1: Update software and firmware.\r\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\r\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\r\nSTEP 2: Update projects in Ecostruxure Control Expert by:\r\n\u2022 Setting up an application password in the project properties\r\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\r\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\r\n\u2022 Rebuild all current projects\r\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0001" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0015" ], "restart_required": { "category": "none" }, "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" }, { "category": "mitigation", "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. \n\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately: \n\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\n\u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0014", "CSAFPID-0030" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/download/document/33002467K01000/" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0030" ] } ], "title": " CVE-2018-7847" }, { "acknowledgments": [ { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2018-7850", "cwe": { "id": "CWE-807", "name": "Reliance on Untrusted Inputs in a Security Decision" }, "notes": [ { "category": "description", "text": "A CWE-807: Reliance on Untrusted Inputs in a Security Decisionvulnerability exists which could cause invalid information displayed in Unity Pro software.", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0002", "CSAFPID-0006" ], "known_affected": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0030" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links note.\r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\r\nSTEP 1: Update software and firmware.\r\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\r\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\r\nSTEP 2: Update projects in Ecostruxure Control Expert by:\r\n\u2022 Setting up an application password in the project properties\r\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\r\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\r\n\u2022 Rebuild all current projects\r\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0001" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0015" ], "restart_required": { "category": "none" }, "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" }, { "category": "mitigation", "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. \n\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately: \n\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\n\u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0014", "CSAFPID-0030" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/download/document/33002467K01000/" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0030" ] } ], "title": "CVE-2018-7850" }, { "acknowledgments": [ { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2018-7845", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "A CWE-125: Out-of-bounds Readvulnerability exists, which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0004", "CSAFPID-0006", "CSAFPID-0021", "CSAFPID-0013" ], "known_affected": [ "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0020", "CSAFPID-0012" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links note.\r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\r\nSTEP 1: Update software and firmware.\r\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\r\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\r\nSTEP 2: Update projects in Ecostruxure Control Expert by:\r\n\u2022 Setting up an application password in the project properties\r\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\r\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\r\n\u2022 Rebuild all current projects\r\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0003" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon Premium all versions prior to version V3.20 \u2013 A fix is available on Modicon Premium V3.20, please contact your Schneider Electric customer support to get the V3.20 firmware.", "product_ids": [ "CSAFPID-0020" ], "restart_required": { "category": "none" }, "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" }, { "category": "vendor_fix", "details": "Modicon Quantum all versions prior to version V3.60 \u2013 A fix is available on Modicon Quantum V3.60, links to fixed version in the Download links notes.", "product_ids": [ "CSAFPID-0012" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0020", "CSAFPID-0012" ] } ], "title": "CVE-2018-7845 " }, { "acknowledgments": [ { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2018-7852", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-248: Uncaught Exceptionvulnerability exists which could cause denial o f s ervice when an invalid private command parameter is sent to the controller over Modbus.", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0004", "CSAFPID-0006", "CSAFPID-0017", "CSAFPID-0021" ], "known_affected": [ "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0012", "CSAFPID-0016", "CSAFPID-0020", "CSAFPID-0030" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V2.80, refer to the Remediation Steps \u0026 Download Links note.\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\nSTEP 1: Update software and firmware.\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\nSTEP 2: Update projects in Ecostruxure Control Expert by:\n\u2022 Setting up an application password in the project properties\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\n\u2022 Rebuild all current projects\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0003" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0020" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Quantum controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d:https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0012" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. \n\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately: \n\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\n\u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0030" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/download/document/33002467K01000/" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0012", "CSAFPID-0016", "CSAFPID-0020", "CSAFPID-0030" ] } ], "title": "CVE-2018-7852" }, { "acknowledgments": [ { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2018-7853", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-248: Uncaught Exceptionvulnerability exists, which could cause denial o f s ervice when reading invalid physical memory blocks in the controller over Modbus. ", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0002" ], "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links note.\r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\r\nSTEP 1: Update software and firmware.\r\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\r\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\r\nSTEP 2: Update projects in Ecostruxure Control Expert by:\r\n\u2022 Setting up an application password in the project properties\r\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\r\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\r\n\u2022 Rebuild all current projects\r\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0001" ], "restart_required": { "category": "none" } } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0005" ] } ], "title": "CVE-2018-7853" }, { "acknowledgments": [ { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2018-7854", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-248 Uncaught Exceptionvulnerability exists which could cause a denial o f Service when sending invalid debug parameters to the controller over Modbus.", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0002", "CSAFPID-0006" ], "known_affected": [ "CSAFPID-0001", "CSAFPID-0005" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links note.\r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\r\nSTEP 1: Update software and firmware.\r\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\r\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\r\nSTEP 2: Update projects in Ecostruxure Control Expert by:\r\n\u2022 Setting up an application password in the project properties\r\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\r\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\r\n\u2022 Rebuild all current projects\r\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0001" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0005" ] } ], "title": " CVE-2018-7854 " }, { "acknowledgments": [ { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2018-7855", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-248 Uncaught Exceptionvulnerability exists, which could cause a Denial o f Service when sending invalid breakpoint parameters to the controller over Modbus. ", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0002", "CSAFPID-0027", "CSAFPID-0025" ], "known_affected": [ "CSAFPID-0024", "CSAFPID-0026", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0028", "CSAFPID-0029", "CSAFPID-0030" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware v4.20. M580 Remediation Steps: Schneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware.\u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0(https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/-software-and-firmare).\u2022 On the Modicon M580 controller, update to firmware SV4.20 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022 Setting up an application password in the project properties\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022 Rebuild all current projects\u2022 Transfer them to Modicon controller", "product_ids": [ "CSAFPID-0024" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/product-range/62098-modicon-m580-epac/#software-and-firmware" }, { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M340 firmware v3.60. M340 Remediation Steps: Schneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability:STEP 1: Update software and firmware\u2022 On the engineering workstation, update to EcoStruxure Control Expert v16.0 or later (https://www.se.com/ww/en/product-range/548-ecostruxure-control-expert-unity-pro/#software-and-firmware).\u2022 On the Modicon M340 controller, update to firmware v3.60 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022 Setting up an application password in the project properties\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller STEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022 Rebuild all current projects\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0026" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/product-range/1468-modicon-m340/#software-and-firmware" }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0015" ], "restart_required": { "category": "none" }, "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" }, { "category": "mitigation", "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. \n\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately: \n\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\n\u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0014", "CSAFPID-0030" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/download/document/33002467K01000/" }, { "category": "mitigation", "details": "To mitigate the risks associated with CVE-2018-7855, users should immediately apply the following steps:\r\n \u2022 Setup an application password in the project properties \r\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\n o \u201cModicon MC80 Programmable Logic Controller (PLC) manual\u201d in the chapter \u201cAccess Control List (ACL)\u201d: https://www.se.com/ww/en/download/document/EIO0000002071/ \r\n\u2022 Setup a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: \r\nhttps://www.se.com/ww/en/download/document/EIO0000001999/", "product_ids": [ "CSAFPID-0028" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/download/document/EIO0000002071/" }, { "category": "mitigation", "details": "To mitigate the risks associated to Modbus weaknesses, users should immediately: \r\n\u2022 Setup an application password in the project properties \r\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP \r\n\u2022 Configure the Access Control List following the recommendations of the user manuals: \r\no \u201cMomentum for EcoStruxure\u2122 Control Expert - 171 CBU 78090, 171 CBU 98090, 171 CBU 98091 Processors\u201d manual in the chapter \u201cModbus Messaging and Access Control\u201d https://download.schneiderelectric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124 \r\n\u2022 Setup a secure communication according to the following guideline \u201cModicon Controller Systems Cybersecurity, User Guide\u201d in chapter \u201cSet Up Encrypted Communication\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/ \r\n\u2022 Setup a VPN between the Modicon PLC controllers and the engineering workstation containing EcoStruxure Control Expert or Process Expert. Note: this functionality may be provided by an external IPSEC compatible firewall located close to the controller.", "product_ids": [ "CSAFPID-0029" ], "restart_required": { "category": "none" }, "url": "https://download.schneiderelectric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-0024", "CSAFPID-0026", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0028", "CSAFPID-0029", "CSAFPID-0030" ] } ], "title": "CVE-2018-7855" }, { "acknowledgments": [ { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2018-7856", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-248: Uncaught Exceptionvulnerability exists which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0004", "CSAFPID-0006", "CSAFPID-0021", "CSAFPID-0013" ], "known_affected": [ "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0020", "CSAFPID-0012" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links note.\r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\r\nSTEP 1: Update software and firmware.\r\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\r\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\r\nSTEP 2: Update projects in Ecostruxure Control Expert by:\r\n\u2022 Setting up an application password in the project properties\r\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\r\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\r\n\u2022 Rebuild all current projects\r\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0003" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon Premium all versions prior to version V3.20 \u2013 A fix is available on Modicon Premium V3.20, please contact your Schneider Electric customer support to get the V3.20 firmware.", "product_ids": [ "CSAFPID-0020" ], "restart_required": { "category": "none" }, "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" }, { "category": "vendor_fix", "details": "Modicon Quantum all versions prior to version V3.60 \u2013 A fix is available on Modicon Quantum V3.60, links to fixed version in the Download links notes.", "product_ids": [ "CSAFPID-0012" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0020", "CSAFPID-0012" ] } ], "title": "CVE-2018-7856" }, { "acknowledgments": [ { "names": [ "Jared Rittle" ], "organization": "Cisco Talos" }, { "names": [ "Dong Yang" ], "organization": "Dingxiang Dongjian Security Lab" }, { "names": [ "Gao Jian" ], "organization": "NS FOCUS" } ], "cve": "CVE-2018-7857", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-248: Uncaught Exceptionvulnerability exists, which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus. ", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0010", "CSAFPID-0019", "CSAFPID-0023" ], "known_affected": [ "CSAFPID-0008", "CSAFPID-0007", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0009", "CSAFPID-0011", "CSAFPID-0018", "CSAFPID-0022", "CSAFPID-0030" ], "recommended": [ "CSAFPID-0004", "CSAFPID-0006" ] }, "remediations": [ { "category": "workaround", "details": "Modicon M580 all versions \u2013 A partial fix is available for this vulnerability on Modicon M580 firmware V2.90 or higher\nFixes for additional attack scenarios are available in V3.10, refer to the Remediation Steps \u0026 Download Links section. Users are also encouraged to apply the additional recommendations proposed in the Mitigations section.\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\nSTEP 1: Update software and firmware.\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\nSTEP 2: Update projects in Ecostruxure Control Expert by:\n\u2022 Setting up an application password in the project properties\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\n\u2022 Rebuild all current projects\n\u2022 Transfer them to Modicon controllers\nTo mitigate the risks associated to Modbus weaknesses, users should immediately:\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP.\nSetup a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/\n\u2022 Use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d:\nhttps://www.se.com/ww/en/download/document/HRB62665/", "product_ids": [ "CSAFPID-0008" ] }, { "category": "mitigation", "details": "\n\nModicon M340 all versions \u2013 A partial fix is available for this vulnerability on Modicon M340 firmware V3.10 or higher.\no Fixes for additional attack scenarios are available in V3.30, refer to the Remediation Steps \u0026 Download Links section. Users are also encouraged to apply the additional recommendations proposed in the Mitigations section.\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability:\nSTEP 1: Update software and firmware\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\n\u2022 On the Modicon M340 controller, update to firmware V3.30 or above, download link available below.\nSTEP 2: Update projects in Ecostruxure Control Expert by:\n\u2022 Setting up an application password in the project properties\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\n\u2022 Rebuild all current projects\n\u2022 Transfer them to Modicon controllers\nTo mitigate the risks associated to Modbus weaknesses, users should immediately:\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d:\nhttps://www.se.com/ww/en/download/document/31007131K01000/", "product_ids": [ "CSAFPID-0007" ] }, { "category": "mitigation", "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. \n\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately: \n\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\n\u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0014", "CSAFPID-0030" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/download/document/33002467K01000/" }, { "category": "workaround", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately:\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network\nModules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d:\nhttps://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0015" ] }, { "category": "vendor_fix", "details": "Modicon MC80 firmware version prior to v1.80 \u2013 A fix is available for this vulnerability on Modicon MC80 (part numbers BMKC80*), refer to the Remediation Steps \u0026 Download Links section.\nModicon MC80 Remediation Steps\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability:\nSTEP 1: Update software and firmware.\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V15.1 (available below).\n\u2022 On the Modicon MC80 controller, update to firmware V1.80 or above, download link available below.\nSTEP 2: Update projects in Ecostruxure Control Expert by:\n\u2022 Setting up an application password in the project properties\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\n\u2022 Rebuild all current projects\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Modicon Momentum CPU (part numbers 171CBU*) all versions \u2013 See recommendations in the Mitigations section\nTo mitigate the risks associated to Modbus weaknesses, users should immediately:\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\u2022 Configure the Access Control List following the recommendations of the user manuals:\no \u201cMomentum for EcoStruxure\u2122 Control Expert - 171 CBU 78090, 171 CBU 98090, 171 CBU 98091 Processors\u201d manual in the chapter \u201cModbus Messaging and Access Control\u201d https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124\n\u2022 Setup a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/\n\u2022 Setup a VPN between the Modicon PLC controllers and the engineering workstation containing EcoStruxure Control Expert or Process Expert. Note: this functionality may be provided by an external IPSEC compatible firewall located close to the controller.", "product_ids": [ "CSAFPID-0011" ] }, { "category": "vendor_fix", "details": "PLC Simulator for EcoStruxure\u2122 Control Expert prior to v15.1 \u2013 A fix is available for this vulnerability on PLC Simulator, refer to the Remediation Steps \u0026 Download Links section.\nPLC Simulator for EcoStruxure\u2122 Control Expert\nSchneider Electric has made a fix available via a free download.\nEcoStruxure\u2122 Control Expert v15.1 https://www.se.com/ww/en/download/document/EcoStruxureControlExpert_V15.1/", "product_ids": [ "CSAFPID-0018" ] }, { "category": "vendor_fix", "details": "Schneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability:\nSTEP 1: Update software and firmware.\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V15.1 or later (available below).\n\u2022 On the Modicon Momentum CPU, update to firmware V2.6, download link available below.\nSTEP 2: Update projects in Ecostruxure Control Expert by:\n\u2022 Setting up an application password in the project properties\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\n\u2022 Rebuild all current projects\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0022" ], "url": "https://www.se.com/ww/en/download/document/Momentum_FW_update/" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-0008", "CSAFPID-0007", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0009", "CSAFPID-0011", "CSAFPID-0018", "CSAFPID-0030" ] } ], "title": "CVE-2018-7857" }, { "acknowledgments": [ { "names": [ "Jared Rittle" ], "organization": "Cisco Talos" }, { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2019-6806", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-200: Information Exposurevulnerability exists which could cause the disclosure of SNMP information when reading variables in the controller using Modbus. ", "title": "CVE Description" } ], "product_status": { "known_affected": [ "CSAFPID-0008", "CSAFPID-0007", "CSAFPID-0015", "CSAFPID-0014", "CSAFPID-0030" ] }, "remediations": [ { "category": "mitigation", "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. \n\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately: \n\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\n\u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0014", "CSAFPID-0030" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/download/document/33002467K01000/" }, { "category": "mitigation", "details": "Schneider Electric is establishing a remediation plan for all future versions of Modicon M580 controllers that will include a fix for this vulnerability. We will update this document when the remediation is available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit: \u2022Setup an application password in the project properties\u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manuals: o \u201cModicon M580, Hardware, Reference Manual\u201d: https://www.se.com/ww/en/download/document/EIO0000001578/\u2022Setup a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/o use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/OR\u2022Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350OR\u2022Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/\u2022Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/o NOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.", "product_ids": [ "CSAFPID-0008" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric is establishing a remediation plan for all future versions of M340 Controllers that will include a fix for this vulnerability. We will update this document when the remediation is available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit: \u2022Setup an application password in the project properties\u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manuals: o \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/\u2022Setup a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/\u2022Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/", "product_ids": [ "CSAFPID-0007" ], "restart_required": { "category": "none" } }, { "category": "no_fix_planned", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately:\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d:\nhttps://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0015" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-0008", "CSAFPID-0007", "CSAFPID-0015", "CSAFPID-0014", "CSAFPID-0030" ] } ], "title": "CVE-2019-6806" }, { "acknowledgments": [ { "names": [ "Jared Rittle" ], "organization": "Cisco Talos" }, { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2019-6807", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-248: Uncaught Exceptionvulnerability exists which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus. ", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0004", "CSAFPID-0006", "CSAFPID-0017", "CSAFPID-0021", "CSAFPID-0023" ], "known_affected": [ "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0012", "CSAFPID-0016", "CSAFPID-0020", "CSAFPID-0022" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V2.80, refer to the Remediation Steps \u0026 Download Links note.\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\nSTEP 1: Update software and firmware.\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\nSTEP 2: Update projects in Ecostruxure Control Expert by:\n\u2022 Setting up an application password in the project properties\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\n\u2022 Rebuild all current projects\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0003" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0020" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Quantum controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d:https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0012" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Schneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability:\nSTEP 1: Update software and firmware.\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V15.1 or later (available below).\n\u2022 On the Modicon Momentum CPU, update to firmware V2.6, download link available below.\nSTEP 2: Update projects in Ecostruxure Control Expert by:\n\u2022 Setting up an application password in the project properties\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\n\u2022 Rebuild all current projects\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0022" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0012", "CSAFPID-0016", "CSAFPID-0020" ] } ], "title": "CVE-2019-6807" }, { "acknowledgments": [ { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2019-6808", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-284: Improper Access Control vulnerability exists, which could cause a remote code execution by overwriting configuration settings of the controller over Modbus", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0002", "CSAFPID-0006" ], "known_affected": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0030" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links note.\r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\r\nSTEP 1: Update software and firmware.\r\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\r\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\r\nSTEP 2: Update projects in Ecostruxure Control Expert by:\r\n\u2022 Setting up an application password in the project properties\r\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\r\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\r\n\u2022 Rebuild all current projects\r\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0001" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0015" ], "restart_required": { "category": "none" }, "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" }, { "category": "mitigation", "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. \n\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately: \n\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\n\u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0014", "CSAFPID-0030" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/download/document/33002467K01000/" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0030" ] } ], "title": "CVE-2019-6808" }, { "acknowledgments": [ { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2018-7844", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "description", "text": "A CWE-284: Improper Access Control vulnerability exists, which could cause a remote code execution by overwriting configuration settings of the controller over Modbus", "title": "CVE Description" } ], "product_status": { "known_affected": [ "CSAFPID-0008", "CSAFPID-0007", "CSAFPID-0015", "CSAFPID-0014", "CSAFPID-0030" ] }, "remediations": [ { "category": "mitigation", "details": "Schneider Electric\u0027s Modicon Quantum and Quantum Safety controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 or M580 Safety ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. \n\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately: \n\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\n\u2022 Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d: https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0014", "CSAFPID-0030" ], "restart_required": { "category": "none" }, "url": "https://www.se.com/ww/en/download/document/33002467K01000/" }, { "category": "mitigation", "details": "Schneider Electric is establishing a remediation plan for all future versions of Modicon M580 controllers that will include a fix for this vulnerability. We will update this document when the remediation is available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit: \u2022Setup an application password in the project properties\u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manuals: o \u201cModicon M580, Hardware, Reference Manual\u201d: https://www.se.com/ww/en/download/document/EIO0000001578/\u2022Setup a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/o use a BMENOC module and follow the instructions to configure IPSEC feature as described in the guideline \u201cModicon M580 - BMENOC03.1 Ethernet Communications Schneider Electric Security Notification Module, Installation and Configuration Guide\u201d in the chapter \u201cConfiguring IPSEC communications\u201d: https://www.se.com/ww/en/download/document/HRB62665/OR\u2022Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in the chapter \u201cConfiguring the BMENUA0100 Cybersecurity Settings\u201d: https://www.se.com/ww/en/download/document/PHA83350OR\u2022Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/\u2022Ensure the M580 CPU is running with the memory protection activated by configuring the input bit to a physical input, for more details refer to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual\u201d, \u201cCPU Memory Protection section\u201d: https://www.schneider-electric.com/en/download/document/EIO0000001999/o NOTE: The CPU memory protection cannot be configured with M580 Hot Standby CPUs. In such cases, use IPsec encrypted communication.", "product_ids": [ "CSAFPID-0008" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric is establishing a remediation plan for all future versions of M340 Controllers that will include a fix for this vulnerability. We will update this document when the remediation is available. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit: \u2022Setup an application password in the project properties\u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manuals: o \u201cModicon M340 for Ethernet Communications Modules and Processors User Manual\u201d in chapter \u201cMessaging Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/31007131K01000/\u2022Setup a secure communication according to the following guideline \u201cModicon Controllers Platform Cyber Security Reference Manual,\u201d in chapter \u201cSetup secured communications\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/\u2022Consider use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 \u0026 M580 architectures. For more details refer to the chapter \u201cHow to protect M580 and M340 architectures with EAGLE40 using VPN\u201d: https://www.se.com/ww/en/download/document/EIO0000001999/", "product_ids": [ "CSAFPID-0007" ], "restart_required": { "category": "none" } }, { "category": "no_fix_planned", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information.\nTo mitigate the risks associated to Modbus/ weaknesses, users should immediately:\n\u2022 Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\n\u2022 Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d:\nhttps://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0015" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-0008", "CSAFPID-0007", "CSAFPID-0015", "CSAFPID-0014", "CSAFPID-0030" ] } ], "title": "CVE-2018-7844 " }, { "acknowledgments": [ { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2019-6830", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-248: Uncaught Exception vulnerability exists, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller. ", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0004" ], "known_affected": [ "CSAFPID-0003" ] }, "remediations": [ { "category": "vendor_fix", "details": "Modicon M580 all versions prior to V2.80 \u2013 A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links section in notes. Schneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\nSTEP 1: Update software and firmware.\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\nSTEP 2: Update projects in Ecostruxure Control Expert by:\n\u2022 Setting up an application password in the project properties\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\n\u2022 Rebuild all current projects\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0003" ], "restart_required": { "category": "none" } } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0003" ] } ], "title": "CVE-2019-6830" }, { "acknowledgments": [ { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2019-6828", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-248: Uncaught Exception vulnerability exists, which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus. ", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0002", "CSAFPID-0006" ], "known_affected": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0015", "CSAFPID-0014" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links note.\r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\r\nSTEP 1: Update software and firmware.\r\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\r\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\r\nSTEP 2: Update projects in Ecostruxure Control Expert by:\r\n\u2022 Setting up an application password in the project properties\r\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\r\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\r\n\u2022 Rebuild all current projects\r\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0001" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0015" ], "restart_required": { "category": "none" }, "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Quantum controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d:https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0014" ], "restart_required": { "category": "none" }, "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0015", "CSAFPID-0014" ] } ], "title": "CVE-2019-6828 " }, { "acknowledgments": [ { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2019-6829", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-248: Uncaught Exception vulnerability exists which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0002", "CSAFPID-0006" ], "known_affected": [ "CSAFPID-0001", "CSAFPID-0005" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links note.\r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\r\nSTEP 1: Update software and firmware.\r\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\r\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\r\nSTEP 2: Update projects in Ecostruxure Control Expert by:\r\n\u2022 Setting up an application password in the project properties\r\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\r\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\r\n\u2022 Rebuild all current projects\r\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0001" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0005" ] } ], "title": "CVE-2019-6829" }, { "acknowledgments": [ { "names": [ "Gao Jian" ], "organization": "ns focus" } ], "cve": "CVE-2019-6809", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "notes": [ { "category": "description", "text": "A CWE-248: Uncaught Exception vulnerability exists, which could cause a possible denial of service when reading invalid data from the controller.", "title": "CVE Description" } ], "product_status": { "fixed": [ "CSAFPID-0002", "CSAFPID-0006" ], "known_affected": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0015", "CSAFPID-0014" ] }, "remediations": [ { "category": "vendor_fix", "details": "A fix is available for this vulnerability on Modicon M580 firmware V3.10, refer to the Remediation Steps \u0026 Download Links note.\r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found in the below, all of the following steps are required to remediate the vulnerability:\r\nSTEP 1: Update software and firmware.\r\n\u2022 On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below).\r\n\u2022 On the Modicon M580 controller, update to firmware V3.10 or above, download link available below.\r\nSTEP 2: Update projects in Ecostruxure Control Expert by:\r\n\u2022 Setting up an application password in the project properties\r\n\u2022 Changing the version of the controller firmware to match the new firmware version of the target controller\r\nSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\r\n\u2022 Rebuild all current projects\r\n\u2022 Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0001" ], "restart_required": { "category": "none" } }, { "category": "vendor_fix", "details": "Modicon M340 with firmware version prior to V3.10 \u2013 A fix is available for this vulnerability on Modicon M340 firmware V3.20, refer to the Remediation Steps \u0026 Download Links notes. \r\nSchneider Electric has made a fix available via a free download. After downloading the fix, found below, all of the following steps are required to remediate the vulnerability: STEP 1: Update software and firmware \u2022On the engineering workstation, update to EcoStruxure Control Expert V14.1 (available below). \u2022On the Modicon M340 controller, update to firmware V3.30 or above, download link available below. STEP 2: Update projects in Ecostruxure Control Expert by:\u2022Setting up an application password in the project properties\u2022Changing the version of the controller firmware to match the new firmware version of the target controllerSTEP 3: Rebuild and transfer projects in EcoStruxure Control Expert:\u2022Rebuild all current projects\u2022Transfer them to Modicon controllers", "product_ids": [ "CSAFPID-0005" ], "restart_required": { "category": "none" } }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Premium controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List following the recommendations of the user manual \u201cPremium and Atrium using EcoStruxure\u2122 Control Expert - Ethernet Network Modules, User Manual\u201d in chapters \u201cConnection configuration parameters / TCP/IP Services Configuration Parameters / Connection Configuration Parameters\u201d: https://www.se.com/ww/en/download/document/35006192K01000/", "product_ids": [ "CSAFPID-0015" ], "restart_required": { "category": "none" }, "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" }, { "category": "mitigation", "details": "Schneider Electric\u2019s Modicon Quantum controllers have reached their end of life and are no longer commercially available. They have been replaced by the Modicon M580 ePAC controller, our most current product offer. Customers should strongly consider migrating to the Modicon M580 ePAC. Please contact your local Schneider Electric technical support for more information. To mitigate the risks associated to Modbus/ weaknesses, users should immediately: \u2022Setup network segmentation and implement a firewall to block all unauthorized access to port 502/TCP\u2022Configure the Access Control List feature as mentioned in \u201cQuantum using EcoStruxure\u2122 Control Expert - TCP/IP Configuration, User Manual\u201d in chapter \u201cSoftware Settings for Ethernet Communication / Messaging / Quantum NOE Ethernet Messaging Configuration\u201d:https://www.se.com/ww/en/download/document/33002467K01000/", "product_ids": [ "CSAFPID-0014" ], "restart_required": { "category": "none" }, "url": "https://download.schneider-electric.com/files?p_enDocType=User+guide\u0026p_File_Name=HRB44124.08.pdf\u0026p_Doc_Ref=HRB44124" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0005", "CSAFPID-0015", "CSAFPID-0014" ] } ], "title": "CVE-2019-6809" } ] }
var-201909-0045
Vulnerability from variot
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus. Modicon M580 and Modicon M340 Contains a vulnerability in handling exceptional conditions.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and Schneider Electric Modicon M340 are products of Schneider Electric. Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure.
There are security vulnerabilities in Schneider Electric Modicon M580 using firmware before V2.90 and Schneider Electric Modicon M340 using firmware before V3.10. An attacker could exploit this vulnerability to cause a denial of service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0045", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "modicon m340", "scope": "lt", "trust": 1.8, "vendor": "schneider electric", "version": "3.10" }, { "model": "modicon m580", "scope": "lt", "trust": 1.8, "vendor": "schneider electric", "version": "2.90" }, { "model": "electric modicon m340", "scope": "lt", "trust": 0.6, "vendor": "schneider", "version": "v3.10" }, { "model": "electric modicon m580", "scope": "lt", "trust": 0.6, "vendor": "schneider", "version": "v2.90" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "modicon m580", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "modicon m340", "version": "*" } ], "sources": [ { "db": "IVD", "id": "422fcd15-89fa-4cc7-8516-6f107433b982" }, { "db": "CNVD", "id": "CNVD-2019-38870" }, { "db": "JVNDB", "id": "JVNDB-2019-009521" }, { "db": "NVD", "id": "CVE-2019-6829" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009521" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Discovered by Jared Rittle of Cisco Talos.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-918" } ], "trust": 0.6 }, "cve": "CVE-2019-6829", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-6829", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-38870", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "422fcd15-89fa-4cc7-8516-6f107433b982", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-6829", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-6829", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-6829", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-6829", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2019-38870", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201908-918", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "422fcd15-89fa-4cc7-8516-6f107433b982", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "422fcd15-89fa-4cc7-8516-6f107433b982" }, { "db": "CNVD", "id": "CNVD-2019-38870" }, { "db": "JVNDB", "id": "JVNDB-2019-009521" }, { "db": "CNNVD", "id": "CNNVD-201908-918" }, { "db": "NVD", "id": "CVE-2019-6829" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus. Modicon M580 and Modicon M340 Contains a vulnerability in handling exceptional conditions.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M580 and Schneider Electric Modicon M340 are products of Schneider Electric. Schneider Electric Modicon M580 is a programmable automation controller. Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure. \n\nThere are security vulnerabilities in Schneider Electric Modicon M580 using firmware before V2.90 and Schneider Electric Modicon M340 using firmware before V3.10. An attacker could exploit this vulnerability to cause a denial of service", "sources": [ { "db": "NVD", "id": "CVE-2019-6829" }, { "db": "JVNDB", "id": "JVNDB-2019-009521" }, { "db": "CNVD", "id": "CNVD-2019-38870" }, { "db": "IVD", "id": "422fcd15-89fa-4cc7-8516-6f107433b982" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-6829", "trust": 3.2 }, { "db": "SCHNEIDER", "id": "SEVD-2019-134-11", "trust": 2.2 }, { "db": "CNVD", "id": "CNVD-2019-38870", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201908-918", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-009521", "trust": 0.8 }, { "db": "TALOS", "id": "TALOS-2019-0807", "trust": 0.6 }, { "db": "IVD", "id": "422FCD15-89FA-4CC7-8516-6F107433B982", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "422fcd15-89fa-4cc7-8516-6f107433b982" }, { "db": "CNVD", "id": "CNVD-2019-38870" }, { "db": "JVNDB", "id": "JVNDB-2019-009521" }, { "db": "CNNVD", "id": "CNNVD-201908-918" }, { "db": "NVD", "id": "CVE-2019-6829" } ] }, "id": "VAR-201909-0045", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "422fcd15-89fa-4cc7-8516-6f107433b982" }, { "db": "CNVD", "id": "CNVD-2019-38870" } ], "trust": 1.7935065 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "422fcd15-89fa-4cc7-8516-6f107433b982" }, { "db": "CNVD", "id": "CNVD-2019-38870" } ] }, "last_update_date": "2024-11-23T21:52:12.672000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SEVD-2019-134-11", "trust": 0.8, "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "title": "Patch for Schneider Electric Modicon M340 and Modicon M580 Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/188179" }, { "title": "Schneider Electric Modicon M580 Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96603" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-38870" }, { "db": "JVNDB", "id": "JVNDB-2019-009521" }, { "db": "CNNVD", "id": "CNNVD-201908-918" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-755", "trust": 1.8 }, { "problemtype": "CWE-248", "trust": 1.0 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009521" }, { "db": "NVD", "id": "CVE-2019-6829" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-134-11/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6829" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6829" }, { "trust": 0.6, "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0807" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-38870" }, { "db": "JVNDB", "id": "JVNDB-2019-009521" }, { "db": "CNNVD", "id": "CNNVD-201908-918" }, { "db": "NVD", "id": "CVE-2019-6829" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "422fcd15-89fa-4cc7-8516-6f107433b982" }, { "db": "CNVD", "id": "CNVD-2019-38870" }, { "db": "JVNDB", "id": "JVNDB-2019-009521" }, { "db": "CNNVD", "id": "CNNVD-201908-918" }, { "db": "NVD", "id": "CVE-2019-6829" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-04T00:00:00", "db": "IVD", "id": "422fcd15-89fa-4cc7-8516-6f107433b982" }, { "date": "2019-11-01T00:00:00", "db": "CNVD", "id": "CNVD-2019-38870" }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009521" }, { "date": "2019-08-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-918" }, { "date": "2019-09-17T20:15:12.203000", "db": "NVD", "id": "CVE-2019-6829" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-04T00:00:00", "db": "CNVD", "id": "CNVD-2019-38870" }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009521" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-918" }, { "date": "2024-11-21T04:47:14.157000", "db": "NVD", "id": "CVE-2019-6829" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-918" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Modicon M580 and Modicon M340 Vulnerabilities related to exceptional state handling", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009521" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "IVD", "id": "422fcd15-89fa-4cc7-8516-6f107433b982" }, { "db": "CNNVD", "id": "CNNVD-201908-918" } ], "trust": 0.8 } }
fkie_cve-2019-6829
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
schneider-electric | modicon_m580_firmware | * | |
schneider-electric | modicon_m580 | - | |
schneider-electric | modicon_m340_firmware | * | |
schneider-electric | modicon_m340 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9C5B0D1-D3A4-468A-807E-6BB3F98CC116", "versionEndExcluding": "2.90", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24", "versionEndExcluding": "3.10", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus." }, { "lang": "es", "value": "Una CWE-248: Se presenta una vulnerabilidad de Excepci\u00f3n No Capturada en Modicon M580 (versi\u00f3n de firmware anterior a V2.90) y Modicon M340 (versi\u00f3n de firmware anterior a V3.10), lo que podr\u00eda causar una posible denegaci\u00f3n de servicio durante la escritura en direcciones espec\u00edficas de memoria en el controlador sobre protocolo Modbus." } ], "id": "CVE-2019-6829", "lastModified": "2024-11-21T04:47:14.157", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-09-17T20:15:12.203", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-248" } ], "source": "cybersecurity@se.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CERTFR-2019-AVI-384
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneVendor | Product | Description | ||
---|---|---|---|---|
Schneider Electric | N/A | EcoStruxure Machine Expert HVAC (anciennement SoMachine HVAC) versions antérieures à 1.1.0 | ||
Schneider Electric | N/A | Wiser for KNX (anciennement homeLYnk) versions antérieures à 2.4.0 | ||
Schneider Electric | N/A | Modicon Premium | ||
Schneider Electric | N/A | TelevisGO versions produites avant le 15 juillet 2019 et utilisant une version de UltraVNC, 1.0.9.6.1 et antérieure, sans le correctif de sécurité TelevisGo_HotFix_20190715.exe | ||
Schneider Electric | N/A | Magelis HMIGTO series | ||
Schneider Electric | N/A | Magelis XBTGH series | ||
Schneider Electric | N/A | Magelis HMIGTUX series | ||
Schneider Electric | N/A | Magelis XBTGC series | ||
Schneider Electric | N/A | Modicon M580 versions antérieures à V2.90 | ||
Schneider Electric | N/A | Magelis HMIGTU series | ||
Schneider Electric | N/A | BMXNOR0200H Ethernet / Serial RTU module | ||
Schneider Electric | N/A | Magelis HMISTO series | ||
Schneider Electric | N/A | Magelis HMISCU series | ||
Schneider Electric | N/A | Magelis HMIGXO series | ||
Schneider Electric | Modicon M340 | Modicon M340 versions antérieures à V3.10 | ||
Schneider Electric | N/A | Schneider Electric Software Update (SESU) SUT Service component versions antérieures à 2.3.1 | ||
Schneider Electric | N/A | Magelis XBTGT series | ||
Schneider Electric | N/A | Magelis HMIGXU series | ||
Schneider Electric | N/A | Magelis HMISTU series | ||
Schneider Electric | N/A | spaceLYnk versions antérieures à 2.4.0 | ||
Schneider Electric | N/A | Modicon Quantum |
Title | Publication Time | Tags | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "EcoStruxure Machine Expert HVAC (anciennement SoMachine HVAC) versions ant\u00e9rieures \u00e0 1.1.0", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Wiser for KNX (anciennement homeLYnk) versions ant\u00e9rieures \u00e0 2.4.0", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Modicon Premium", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "TelevisGO versions produites avant le 15 juillet 2019 et utilisant une version de UltraVNC, 1.0.9.6.1 et ant\u00e9rieure, sans le correctif de s\u00e9curit\u00e9 TelevisGo_HotFix_20190715.exe", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Magelis HMIGTO series", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Magelis XBTGH series", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Magelis HMIGTUX series", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Magelis XBTGC series", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Modicon M580 versions ant\u00e9rieures \u00e0 V2.90", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Magelis HMIGTU series", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "BMXNOR0200H Ethernet / Serial RTU module", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Magelis HMISTO series", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Magelis HMISCU series", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Magelis HMIGXO series", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Modicon M340 versions ant\u00e9rieures \u00e0 V3.10", "product": { "name": "Modicon M340", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Schneider Electric Software Update (SESU) SUT Service component versions ant\u00e9rieures \u00e0 2.3.1", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Magelis XBTGT series", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Magelis HMIGXU series", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Magelis HMISTU series", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "spaceLYnk versions ant\u00e9rieures \u00e0 2.4.0", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Modicon Quantum", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2018-15361", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15361" }, { "name": "CVE-2019-8262", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8262" }, { "name": "CVE-2019-8277", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8277" }, { "name": "CVE-2019-6828", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6828" }, { "name": "CVE-2019-8265", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8265" }, { "name": "CVE-2019-8269", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8269" }, { "name": "CVE-2019-8260", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8260" }, { "name": "CVE-2019-8263", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8263" }, { "name": "CVE-2019-6832", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6832" }, { "name": "CVE-2019-8261", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8261" }, { "name": "CVE-2019-8276", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8276" }, { "name": "CVE-2018-7846", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7846" }, { "name": "CVE-2019-8259", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8259" }, { "name": "CVE-2018-7842", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7842" }, { "name": "CVE-2018-7849", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7849" }, { "name": "CVE-2019-8271", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8271" }, { "name": "CVE-2019-6831", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6831" }, { "name": "CVE-2019-6813", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6813" }, { "name": "CVE-2019-6809", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6809" }, { "name": "CVE-2019-6829", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6829" }, { "name": "CVE-2018-7852", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7852" }, { "name": "CVE-2019-8267", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8267" }, { "name": "CVE-2019-6830", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6830" }, { "name": "CVE-2019-6810", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6810" }, { "name": "CVE-2018-7854", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7854" }, { "name": "CVE-2019-8280", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8280" }, { "name": "CVE-2018-7844", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7844" }, { "name": "CVE-2018-7847", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7847" }, { "name": "CVE-2018-7855", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7855" }, { "name": "CVE-2019-8275", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8275" }, { "name": "CVE-2019-8274", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8274" }, { "name": "CVE-2019-6808", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6808" }, { "name": "CVE-2019-6826", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6826" }, { "name": "CVE-2018-7850", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7850" }, { "name": "CVE-2018-7856", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7856" }, { "name": "CVE-2019-8266", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8266" }, { "name": "CVE-2019-8270", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8270" }, { "name": "CVE-2019-6834", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6834" }, { "name": "CVE-2019-68067", "url": "https://www.cve.org/CVERecord?id=CVE-2019-68067" }, { "name": "CVE-2018-7845", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7845" }, { "name": "CVE-2019-8258", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8258" }, { "name": "CVE-2018-7857", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7857" }, { "name": "CVE-2019-8264", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8264" }, { "name": "CVE-2019-6833", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6833" }, { "name": "CVE-2019-8272", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8272" }, { "name": "CVE-2019-8268", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8268" }, { "name": "CVE-2019-68077", "url": "https://www.cve.org/CVERecord?id=CVE-2019-68077" }, { "name": "CVE-2019-8273", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8273" }, { "name": "CVE-2018-7853", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7853" }, { "name": "CVE-2018-7843", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7843" }, { "name": "CVE-2018-7848", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7848" } ], "initial_release_date": "2019-08-13T00:00:00", "last_revision_date": "2019-08-14T00:00:00", "links": [], "reference": "CERTFR-2019-AVI-384", "revisions": [ { "description": "Version initiale", "revision_date": "2019-08-13T00:00:00.000000" }, { "description": "Ajout du bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 13 ao\u00fbt 2019", "revision_date": "2019-08-14T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-06 du 13 ao\u00fbt 2019", "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-06-SESU_SUT_Service.pdf\u0026p_Doc_Ref=SEVD-2019-225-06" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 13 ao\u00fbt 2019", "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-04_SoMachine_HVAC_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-04" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-01 du 13 ao\u00fbt 2019", "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-01-Magelis_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-01" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-03 du 13 ao\u00fbt 2019", "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-03-Modicon-Ethernet+-Serial-RTU-Module-Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-03" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-07 du 13 ao\u00fbt 2019", "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-07-spaceLYnk-homeLYnk.pdf\u0026p_Doc_Ref=SEVD-2019-225-07" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-02 du 13 ao\u00fbt 2019", "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-02-Modicon_M340_Controllers_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-02" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-11 du 13 ao\u00fbt 2019", "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-134-11-V2-Modicon-Controllers.pdf\u0026p_Doc_Ref=SEVD-2019-134-11" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-05 du 13 ao\u00fbt 2019", "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-05-TelevisGO_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-05" } ] }
gsd-2019-6829
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2019-6829", "description": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.", "id": "GSD-2019-6829" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-6829" ], "details": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.", "id": "GSD-2019-6829", "modified": "2023-12-13T01:23:49.716314Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6829", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580", "version": { "version_data": [ { "version_value": "firmware version prior to V2.90" } ] } }, { "product_name": "Modicon M340", "version": { "version_data": [ { "version_value": "firmware version prior to V3.10" } ] } } ] }, "vendor_name": "Schneider Electric SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A CWE-248: Uncaught Exception" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.90", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.10", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6829" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-755" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2022-02-03T14:25Z", "publishedDate": "2019-09-17T20:15Z" } } }
ghsa-25r4-295r-fvqm
Vulnerability from github
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.
{ "affected": [], "aliases": [ "CVE-2019-6829" ], "database_specific": { "cwe_ids": [ "CWE-755" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-09-17T20:15:00Z", "severity": "HIGH" }, "details": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.", "id": "GHSA-25r4-295r-fvqm", "modified": "2022-05-24T16:56:24Z", "published": "2022-05-24T16:56:24Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6829" }, { "type": "WEB", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11" } ], "schema_version": "1.4.0", "severity": [] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.