Denial of service in Modicon Quantum 140 NOE771x1



Published: 2019-09-17 | Updated: 2019-10-02
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-6811
CWE-ID N/A
Exploitation vector Network
Public exploit N/A
Vulnerable software
Modicon Quantum 140 NOE771x1
Hardware solutions / Firmware

Vendor Schneider Electric

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Improper Check for Unusual or Exceptional Conditions

EUVDB-ID: #VU21484

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6811

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists because the affected software does not check, or incorrectly checks, for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the software. A remote attacker can send a specially crafted IP fragmented packet with a length greater than 65535 bytes to the module and cause a denial of service condition.
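
An added example, not taken from this bulletin or from the vendor: a check that a monitoring point or packet filter in front of the module could apply to each IPv4 fragment, flagging any fragment whose data would push the reassembled datagram past 65535 bytes. It assumes the length in the description refers to the reassembled datagram; the function names are hypothetical and the header bytes are constructed samples.

```python
import struct

MAX_DATAGRAM = 65535  # largest size the 16-bit IPv4 Total Length field can describe


def reassembled_end(ip_header: bytes) -> int:
    """Return the size the reassembled datagram must reach to hold this fragment."""
    if len(ip_header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", ip_header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent header lengths")
    offset = (flags_frag & 0x1FFF) * 8  # fragment offset is counted in 8-byte units
    payload = total_len - ihl
    return ihl + offset + payload


def is_oversized_fragment(ip_header: bytes) -> bool:
    """True when reassembly would have to produce more than 65535 bytes."""
    return reassembled_end(ip_header) > MAX_DATAGRAM


def make_header(total_len: int, offset_units: int, more_fragments: bool) -> bytes:
    """Build a constructed 20-byte sample header (checksum left at zero)."""
    flags_frag = (0x2000 if more_fragments else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 17, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))


# Constructed samples; addresses come from the 192.0.2.0/24 documentation range.
SAMPLES = {
    "first fragment": make_header(1500, 0, True),
    "last fragment ending at the limit": make_header(23, 8189, False),
    "fragment ending past the limit": make_header(1500, 8189, False),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        verdict = "FLAG" if is_oversized_fragment(hdr) else "ok"
        print(f"{verdict:4} {name}: needs {reassembled_end(hdr)} bytes")
```

The check works on a single fragment header, so it can run before any reassembly buffer is allocated.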

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Modicon Quantum 140 NOE771x1: 6.9

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-253-02/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


