SB2019091722 - Denial of service in Modicon Quantum 140 NOE771x1
Published: September 17, 2019 Updated: October 2, 2019
Security Bulletin ID
SB2019091722
CSH Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2019-6811)
CWE-ID: -
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.
The vulnerability exists because the affected software does not check, or incorrectly checks, for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the software. A remote attacker can send a specially crafted IP fragmented packet with a length greater than 65535 bytes to the module and cause a denial of service condition.
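For monitoring traffic in front of the module, the condition described above can be checked per fragment from the IPv4 header alone. The following is an added example, not code from this bulletin or from the vendor; the function names and sample headers are hypothetical, and it assumes the oversize condition shows up as a fragment whose offset plus length ends beyond 65535 bytes.

```python
import struct

MAX_IP_DATAGRAM = 65535  # largest size the 16-bit IPv4 Total Length field can express


def fragment_end(header: bytes) -> int:
    """Size the reassembled datagram must reach to hold this fragment."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, flags_frag = struct.unpack("!BBHHH", header[:8])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    data_offset = (flags_frag & 0x1FFF) * 8  # offset field counts 8-byte units
    return data_offset + total_len  # header plus data up to this fragment's end


def oversized_fragments(headers):
    """Return the IP IDs of fragments whose data would end past 65535 bytes."""
    flagged = []
    for hdr in headers:
        if fragment_end(hdr) > MAX_IP_DATAGRAM:
            flagged.append(struct.unpack("!H", hdr[4:6])[0])
    return flagged


def sample_header(ip_id, more_fragments, offset_units, data_len):
    """Constructed test input: a 20-byte IPv4/UDP header (checksum left at 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + data_len, ip_id, flags_frag,
                       64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))


# Constructed samples, not captured traffic.
SAMPLES = [
    sample_header(0x1001, True, 0, 1480),      # first fragment, ends at 1500
    sample_header(0x1001, False, 185, 520),    # last fragment, ends at 2020
    sample_header(0x2002, False, 8189, 1480),  # ends at 67012: exceeds the limit
]

if __name__ == "__main__":
    print([hex(i) for i in oversized_fragments(SAMPLES)])
```

No legitimate sender produces a fragment that fails this check, so a perimeter device can drop such fragments before they reach the module.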
Remediation
Install update from vendor's website.