cnvd - cnvd-2019-41493

cnvd-2019-41493

Vulnerability from cnvd

Title

Schneider Electric Modicon M580/M340/BMxCRA/140CRA拒绝服务漏洞（CNVD-2019-41493）

Description

Modicon M580/M340/BMxCRA/140CRA均是Schneider Electric（施耐德电气）推出的可编程逻辑控制器。 Schneider Electric Modicon M580/M340/BMxCRA/140CRA存在拒绝服务漏洞。攻击者可利用该漏洞通过FTP协议使用无固件镜像的固件包升级控制器导致拒绝服务。

Severity

中

Patch Name

Schneider Electric Modicon M580/M340/BMxCRA/140CRA拒绝服务漏洞（CNVD-2019-41493）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-281-02_Modicon_Controllers.pdf&p_Doc_Ref=SEVD-2019-281-02

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-6841

Impacted products

Name
['Schneider Electric Modicon M340', 'Schneider Electric Modicon M580', 'Schneider Electric Modicon BMxCRA', 'Schneider Electric Modicon 140CRA']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6841",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-6841"
    }
  },
  "description": "Modicon M580/M340/BMxCRA/140CRA\u5747\u662fSchneider Electric\uff08\u65bd\u8010\u5fb7\u7535\u6c14\uff09\u63a8\u51fa\u7684\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u3002\n\nSchneider Electric Modicon M580/M340/BMxCRA/140CRA\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7FTP\u534f\u8bae\u4f7f\u7528\u65e0\u56fa\u4ef6\u955c\u50cf\u7684\u56fa\u4ef6\u5305\u5347\u7ea7\u63a7\u5236\u5668\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-281-02_Modicon_Controllers.pdf\u0026p_Doc_Ref=SEVD-2019-281-02",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41493",
  "openTime": "2019-11-19",
  "patchDescription": "Modicon M580/M340/BMxCRA/140CRA\u5747\u662fSchneider Electric\uff08\u65bd\u8010\u5fb7\u7535\u6c14\uff09\u63a8\u51fa\u7684\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\u3002\r\n\r\nSchneider Electric Modicon M580/M340/BMxCRA/140CRA\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7FTP\u534f\u8bae\u4f7f\u7528\u65e0\u56fa\u4ef6\u955c\u50cf\u7684\u56fa\u4ef6\u5305\u5347\u7ea7\u63a7\u5236\u5668\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "patchName": "Schneider Electric Modicon M580/M340/BMxCRA/140CRA\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2019-41493\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Schneider Electric Modicon M340",
      "Schneider Electric Modicon M580",
      "Schneider Electric Modicon BMxCRA",
      "Schneider Electric Modicon 140CRA"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-6841",
  "serverity": "\u4e2d",
  "submitTime": "2019-10-30",
  "title": "Schneider Electric Modicon M580/M340/BMxCRA/140CRA\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2019-41493\uff09"
}

CVE-2019-6841 (GCVE-0-2019-6841)

Vulnerability from cvelistv5

Published

2019-10-29 14:46

Modified

2024-08-04 20:31

Severity ?

CWE

CWE-755 - Improper Handling of Exceptional Conditions

Summary

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol.

References

URL

Tags

https://www.se.com/ww/en/download/document/SEVD-2019-281-02/

x_refsource_MISC