SB2019052219 - Multiple vulnerabilities in Schneider Electric Modicon Controllers
Published: May 22, 2019 Updated: October 3, 2019
Security Bulletin ID
SB2019052219
Severity
Medium
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Uncaught Exception (CVE-ID: CVE-2018-7856)
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.The vulnerability exists due to uncaught exception vulnerability when writing invalid memory blocks to the controller over Modbus. A remote attacker can cause a denial of service condition.
2) Uncaught Exception (CVE-ID: CVE-2018-7843)
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.The vulnerability exists due to uncaught exception vulnerability when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus. A remote attacker can cause a denial of service condition.
Remediation
Install update from vendor's website.