SB2019052222 - Multiple vulnerabilities in Schneider Electric Modicon Controllers
Published: May 22, 2019 Updated: November 7, 2019
Security Bulletin ID: SB2019052222
Severity: Medium
Patch available: NO
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Information disclosure
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Use of insufficiently random values (CVE-ID: CVE-2019-6821)
The vulnerability allows a remote attacker to guess the next generated value and impersonate another user or access sensitive information.
The vulnerability exists because the device has predictable TCP initial sequence numbers.
A remote attacker can hijack TCP connection carrying unsecured communication and cause information leakage.
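To check whether a device you administer shows this weakness, the initial sequence numbers (ISNs) from the SYN-ACKs of several successive connections can be compared. The sketch below is an added example, not code from this bulletin or from the vendor; the thresholds, function names and sample values are constructed assumptions.

```python
# Added example: classify the predictability of observed TCP ISNs.
from itertools import accumulate
from statistics import pstdev

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def signed_deltas(isns):
    """Wrap-aware differences between consecutive ISNs, in [-2^31, 2^31)."""
    out = []
    for a, b in zip(isns, isns[1:]):
        d = (b - a) % MOD
        out.append(d - MOD if d >= MOD // 2 else d)
    return out


def assess_isns(isns, min_samples=6, spread_limit=MOD // 1024):
    """Classify ISNs taken from SYN-ACKs of successive connections.

    Returns 'constant-increment', 'low-spread' or 'no-pattern-found'.
    spread_limit is an illustrative assumption, not a vendor or RFC value.
    'no-pattern-found' does not prove the generator is random.
    """
    if len(isns) < min_samples:
        raise ValueError("need at least %d samples" % min_samples)
    deltas = signed_deltas(isns)
    if len(set(deltas)) == 1:
        return "constant-increment"
    # Deltas of a uniformly random generator have a standard deviation
    # of about 1.24e9 (2^32 / sqrt(12)); a tiny spread means the next
    # ISN can be estimated from the previous one.
    if pstdev(deltas) < spread_limit:
        return "low-spread"
    return "no-pattern-found"


# Constructed sample data (not captured from any real device).
CONSTANT = [(1000 + 64000 * i) % MOD for i in range(8)]
# Counter with small jitter, starting near the 32-bit wrap point.
JITTER = [x % MOD for x in accumulate(
    [4294900000, 64000, 64120, 63950, 64010, 64200, 63880, 64050])]
MIXED = [0x1A2B3C4D, 0x9F8E7D6C, 0x03C4D5E6, 0xE1F20314,
         0x5A6B7C8D, 0x2233FEDC, 0xC0FFEE11, 0x7788AA55]

if __name__ == "__main__":
    for name, sample in (("constant", CONSTANT), ("jitter", JITTER),
                         ("mixed", MIXED)):
        print(name, assess_isns(sample))
```

A 'constant-increment' or 'low-spread' result on a device that carries unsecured communication is the condition this bulletin describes.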
2) File and Directory Information Exposure (CVE-ID: CVE-2019-6851)
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.