SB2019070307 - Multiple vulnerabilities in Schneider Electric Modicon Controllers
Published: July 3, 2019 Updated: October 3, 2019
Security Bulletin ID
SB2019070307
Severity
Medium
Patch available
YES
Number of vulnerabilities
4
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Improper check for unusual or exceptional conditions (CVE-ID: CVE-2019-6819)
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.
The vulnerability exits due to the affected software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software. A remote attacker can send a specially crafted Modbus frame to the affected device and cause a denial of service condition.
2) Out-of-bounds read (CVE-ID: CVE-2018-7845)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when reading specific memory blocks in the controller over Modbus. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.
3) Uncaught Exception (CVE-ID: CVE-2019-6830)
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.The vulnerability exists due to uncaught exception vulnerability when sending an appropriately timed HTTP request to the controller. A remote attacker can cause a denial of service condition.
4) Uncaught Exception (CVE-ID: CVE-2018-7852)
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.The vulnerability exists due to uncaught exception vulnerability when an invalid private command parameter is sent to the controller over Modbus. A remote attacker can cause a
denial of service condition.
Remediation
Install update from vendor's website.
References
- https://www.us-cert.gov/ics/advisories/icsa-19-183-01
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763