Multiple vulnerabilities in Schneider Electric Modicon Controllers



Published: 2019-05-22 | Updated: 2019-11-07
Risk: High
Patch available: No
Number of vulnerabilities: 20
CVE-ID: CVE-2018-7844, CVE-2019-6806, CVE-2018-7760, CVE-2018-7759, CVE-2018-7857, CVE-2019-6813, CVE-2019-6810, CVE-2019-6831, CVE-2019-6816, CVE-2019-6815, CVE-2019-6847, CVE-2019-6845, CVE-2019-6844, CVE-2019-6843, CVE-2019-6842, CVE-2019-6841, CVE-2019-6846, CVE-2019-6850, CVE-2019-6849, CVE-2019-6848
CWE-ID: CWE-200, CWE-287, CWE-119, CWE-248, CWE-284, CWE-94, CWE-264, CWE-319
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #5 is available.
Vulnerable software
Modicon Quantum
Hardware solutions / Firmware

Modicon Premium
Hardware solutions / Firmware

Modicon M340
Hardware solutions / Firmware

Modicon M580
Hardware solutions / Firmware

BMXNOR0200H Ethernet / Serial RTU module
Hardware solutions / Firmware

Modicon BMxCRA modules
Hardware solutions / Firmware

Modicon 140CRA modules
Hardware solutions / Firmware

Modicon BMENOC0311
Hardware solutions / Firmware

Modicon BMENOC0321
Hardware solutions / Firmware

Vendor: Schneider Electric

Security Bulletin

This security bulletin contains information about 20 vulnerabilities.

Updated 07.11.2019
Added vulnerabilities #11-20

1) Information disclosure

EUVDB-ID: #VU21487

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C]

CVE-ID: CVE-2018-7844

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper input validation. A remote attacker can gain unauthorized access to SNMP information when reading memory blocks from the controller over Modbus.


Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: All versions

Modicon M580: All versions

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0739


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Information disclosure

EUVDB-ID: #VU21492

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-6806

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper input validation. A remote attacker can gain unauthorized access to SNMP information when reading variables in the controller using Modbus.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: All versions

Modicon M580: All versions

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0769


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Improper Authentication

EUVDB-ID: #VU21521

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-7760

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error in CGI functions. A remote attacker can send a specially crafted request to CGI functions, bypass the authentication process and gain unauthorized access to the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

BMXNOR0200H Ethernet / Serial RTU module: All versions

Modicon Premium: All versions

Modicon Quantum: All versions

Modicon M340: All versions

External links

http://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU21520

Risk: Medium

CVSSv3.1: 5.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-7759

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists because the length of the source string (instead of the buffer size) is specified as the number of bytes to be copied. A remote attacker can trigger memory corruption and cause a denial of service condition.
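
The copy-length mistake described above, shown beside a bounded form. This is an added example, not Schneider Electric code: the field size, the arena layout and all function names are assumptions made for illustration, and the overlong input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 16   /* assumed size of the destination field */
#define ARENA_SIZE 64   /* backing storage: the demo overrun stays in valid memory */
#define GUARD      0xA5 /* fill pattern standing in for adjacent state */

/* Constructed input: 24 bytes, 8 more than the field can hold. */
static const char OVERLONG[] = "AAAAAAAA" "AAAAAAAA" "AAAAAAAA";

/* Flawed pattern: the count comes from the source, so the destination size
 * never limits the copy. strncpy(dst, src, strlen(src)) is the same mistake. */
static void copy_by_source_length(char *dst, const char *src)
{
    memcpy(dst, src, strlen(src));
}

/* Hardened form: the destination size is the bound; oversize input is
 * rejected instead of silently truncated, and the result is terminated. */
static int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n == dst_size) {          /* no room left for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Count bytes after the field that no longer hold the guard pattern. */
static size_t clobbered(const unsigned char *arena)
{
    size_t i, n = 0;
    for (i = FIELD_SIZE; i < ARENA_SIZE; i++)
        if (arena[i] != GUARD)
            n++;
    return n;
}

/* Run the flawed copy into a 16-byte field at the start of the arena. */
static size_t demo_flawed(const char *input)
{
    unsigned char arena[ARENA_SIZE];
    if (strlen(input) >= ARENA_SIZE)
        return (size_t)-1;        /* keep the demonstration inside the arena */
    memset(arena, GUARD, sizeof arena);
    copy_by_source_length((char *)arena, input);
    return clobbered(arena);
}

/* Run the hardened copy on the same layout; *rc receives its return code. */
static size_t demo_hardened(const char *input, int *rc)
{
    unsigned char arena[ARENA_SIZE];
    memset(arena, GUARD, sizeof arena);
    *rc = copy_bounded((char *)arena, FIELD_SIZE, input);
    return clobbered(arena);
}

int main(void)
{
    int rc;
    size_t n = demo_flawed(OVERLONG);
    printf("flawed:   %zu bytes past the field overwritten\n", n);
    n = demo_hardened(OVERLONG, &rc);
    printf("hardened: rc=%d, %zu bytes past the field overwritten\n", rc, n);
    return 0;
}
```
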


Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

BMXNOR0200H Ethernet / Serial RTU module: All versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: All versions

External links

http://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Uncaught Exception

EUVDB-ID: #VU21491

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2018-7857

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when writing out-of-bounds variables to the controller over Modbus. A remote attacker can cause a denial of service condition.

Note: A partial fix is available for this vulnerability in Modicon M580 firmware V2.80 and Modicon M340 firmware V3.01.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: All versions

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0768


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Improper Check for Unusual or Exceptional Conditions

EUVDB-ID: #VU21479

Risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6813

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists because the affected software does not check, or incorrectly checks, for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the software. A remote attacker can send specially crafted truncated SNMP packets to port 161/UDP on the affected device and cause a denial of service condition.
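
The kind of check whose absence is described above: every BER length in an SNMP datagram is compared with the bytes actually received before any field is used. This is an added example, not the vendor's code; the function names are hypothetical, the sample GetRequest is constructed, and only the SNMPv1/v2c message layout is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { BER_OK = 0, BER_TRUNCATED = -1, BER_MALFORMED = -2 };
#define MAX_DEPTH 8

/* Constructed sample: SNMPv1 GetRequest, community "public", sysDescr.0. */
static const uint8_t SAMPLE_GET[] = {
    0x30,0x26, 0x02,0x01,0x00, 0x04,0x06,'p','u','b','l','i','c',
    0xa0,0x19, 0x02,0x01,0x01, 0x02,0x01,0x00, 0x02,0x01,0x00,
    0x30,0x0e, 0x30,0x0c, 0x06,0x08,0x2b,0x06,0x01,0x02,0x01,0x01,0x01,0x00,
    0x05,0x00
};

/* Read one tag/length header at buf[*off] without touching buf[end] or beyond.
 * On success *off points at the value and *vlen is known to fit before end. */
static int ber_header(const uint8_t *buf, size_t end, size_t *off,
                      uint8_t *tag, size_t *vlen)
{
    size_t p = *off, n, i;
    uint8_t b;
    if (p > end || end - p < 2) return BER_TRUNCATED;
    *tag = buf[p++];
    if ((*tag & 0x1f) == 0x1f) return BER_MALFORMED;  /* multi-byte tag */
    b = buf[p++];
    *vlen = b;
    if (b & 0x80) {                                   /* long-form length */
        n = b & 0x7f;
        if (n == 0 || n > 2) return BER_MALFORMED;    /* indefinite or > 65535 */
        if (end - p < n) return BER_TRUNCATED;
        for (*vlen = 0, i = 0; i < n; i++) *vlen = (*vlen << 8) | buf[p++];
    }
    if (*vlen > end - p) return BER_TRUNCATED;        /* value runs past the data */
    *off = p;
    return BER_OK;
}

/* Check every nested length in [off, end), descending into constructed values. */
static int ber_walk(const uint8_t *buf, size_t off, size_t end, int depth)
{
    uint8_t tag; size_t vlen; int rc;
    while (off < end) {
        if ((rc = ber_header(buf, end, &off, &tag, &vlen)) != BER_OK) return rc;
        if (tag & 0x20) {
            if (depth >= MAX_DEPTH) return BER_MALFORMED;
            if ((rc = ber_walk(buf, off, off + vlen, depth + 1)) != BER_OK) return rc;
        }
        off += vlen;
    }
    return BER_OK;
}

/* Validate an SNMPv1/v2c datagram's framing before any field is used. */
static int snmp_precheck(const uint8_t *pkt, size_t len)
{
    static const uint8_t want[2] = { 0x02, 0x04 };    /* version, community */
    size_t off = 0, vlen, end, i; uint8_t tag; int rc;
    if (pkt == NULL) return BER_MALFORMED;
    if ((rc = ber_header(pkt, len, &off, &tag, &vlen)) != BER_OK) return rc;
    if (tag != 0x30 || off + vlen != len) return BER_MALFORMED;
    end = len;
    for (i = 0; i < 2; i++) {
        if ((rc = ber_header(pkt, end, &off, &tag, &vlen)) != BER_OK) return rc;
        if (tag != want[i]) return BER_MALFORMED;
        off += vlen;
    }
    if ((rc = ber_header(pkt, end, &off, &tag, &vlen)) != BER_OK) return rc;
    if ((tag & 0xe0) != 0xa0 || off + vlen != end) return BER_MALFORMED;
    return ber_walk(pkt, off, end, 1);
}

int main(void)
{
    printf("full datagram:   %d\n", snmp_precheck(SAMPLE_GET, sizeof SAMPLE_GET));
    printf("cut to 20 bytes: %d\n", snmp_precheck(SAMPLE_GET, 20));
    return 0;
}
```

Every proper prefix of the sample is rejected as truncated, as is a full-length datagram whose inner length field claims more bytes than were received.
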

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

BMXNOR0200H Ethernet / Serial RTU module: All versions

Modicon M340: All versions

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-225-02/
http://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper access control

EUVDB-ID: #VU21481

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6810

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can cause the execution of commands when using the IEC 60870-5-104 protocol.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

BMXNOR0200H Ethernet / Serial RTU module: All versions

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper Check for Unusual or Exceptional Conditions

EUVDB-ID: #VU21480

Risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6831

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists because the affected software does not check, or incorrectly checks, for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the software. A remote attacker can send an unusually high number of IEC 60870-5-104 packets to the module on port 2404/TCP, cause disconnection of active connections and perform a denial of service attack.


Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

BMXNOR0200H Ethernet / Serial RTU module: All versions

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Code Injection

EUVDB-ID: #VU21518

Risk: Medium

CVSSv3.1: 6.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6816

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause firmware modification.

The vulnerability exists due to improper input validation. A remote attacker can cause an unauthorized firmware modification, with a possible denial of service (DoS) condition, when using the Modbus protocol.


Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Modicon Quantum: All versions

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-09/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU21519

Risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6815

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to insufficient permission restrictions. A remote attacker can cause a denial of service (DoS) condition or unauthorized modifications of the PLC configuration when using the Ethernet/IP protocol.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Modicon Quantum: All versions

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-09/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Uncaught Exception

EUVDB-ID: #VU22586

Risk: Medium

CVSSv3.1: 4.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6847

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an uncaught exception when upgrading the firmware, using the FTP protocol, with a version incompatible with the application in the controller. A remote authenticated administrator can cause a denial of service condition on the FTP service.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Modicon M340: All versions

Modicon M580: All versions

Modicon BMxCRA modules: All versions

Modicon 140CRA modules: All versions

External links

http://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Cleartext transmission of sensitive information

EUVDB-ID: #VU22584

Risk: Medium

CVSSv3.1: 5.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6845

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the software uses an insecure communication channel when transferring applications to the controller using the Modbus TCP protocol. A remote attacker with the ability to intercept network traffic can gain access to sensitive data.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Modicon M340: All versions

Modicon M580: All versions

Modicon Premium: All versions

Modicon Quantum: All versions

External links

http://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Uncaught Exception

EUVDB-ID: #VU22583

Risk: Medium

CVSSv3.1: 4.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6844

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an uncaught exception when upgrading the controller, using the FTP protocol, with a firmware package containing an invalid web server image. A remote authenticated administrator can cause a denial of service condition on the PLC.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Modicon M340: All versions

Modicon M580: All versions

Modicon BMxCRA modules: All versions

Modicon 140CRA modules: All versions

External links

http://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Uncaught Exception

EUVDB-ID: #VU22582

Risk: Medium

CVSSv3.1: 4.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6843

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an uncaught exception when upgrading the controller, using the FTP protocol, with an empty firmware package. A remote authenticated administrator can cause a denial of service condition on the PLC.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Modicon M340: All versions

Modicon M580: All versions

Modicon BMxCRA modules: All versions

Modicon 140CRA modules: All versions

External links

http://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Uncaught Exception

EUVDB-ID: #VU22581

Risk: Medium

CVSSv3.1: 4.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6842

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an uncaught exception when upgrading the firmware, using the FTP protocol, with a package that is missing the web server image. A remote authenticated administrator can cause a denial of service condition on the PLC.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Modicon M340: All versions

Modicon M580: All versions

Modicon BMxCRA modules: All versions

Modicon 140CRA modules: All versions

External links

http://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Uncaught Exception

EUVDB-ID: #VU22580

Risk: Medium

CVSSv3.1: 4.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6841

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an uncaught exception when upgrading the firmware, using the FTP protocol, with a package that contains no firmware image. A remote authenticated administrator can cause a denial of service condition on the PLC.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Modicon M580: All versions

Modicon M340: All versions

Modicon BMxCRA modules: All versions

Modicon 140CRA modules: All versions

External links

http://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Cleartext transmission of sensitive information

EUVDB-ID: #VU22578

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6846

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information when using the FTP protocol. A remote attacker with the ability to intercept network traffic can gain access to sensitive data.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Modicon M340: All versions

Modicon M580: All versions

Modicon 140CRA modules: All versions

Modicon BMxCRA modules: All versions

External links

http://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Information disclosure

EUVDB-ID: #VU22592

Risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6850

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper input validation when reading specific registers with the REST API of the controller/communication module. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Modicon M580: All versions

Modicon BMENOC0311: All versions

Modicon BMENOC0321: All versions

External links

http://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Information disclosure

EUVDB-ID: #VU22591

Risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6849

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper input validation when using specific Modbus services provided by the REST API of the controller/communication module. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Modicon M580: All versions

Modicon BMENOC0311: All versions

Modicon BMENOC0321: All versions

External links

http://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Uncaught Exception

EUVDB-ID: #VU22590

Risk: Medium

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-6848

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an uncaught exception when sending specific data on the REST API of the controller/communication module. A remote authenticated administrator can cause a denial of service condition on the PLC.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Modicon M580: All versions

Modicon BMENOC0311: All versions

Modicon BMENOC0321: All versions

External links

http://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


