SB2019091723 - Multiple vulnerabilities in Schneider Electric Modicon Controllers




Published: September 17, 2019 Updated: October 3, 2019

Security Bulletin ID: SB2019091723
Severity: High
Patch available: YES
Number of vulnerabilities: 14
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 14%, Medium: 86%

Description

This security bulletin contains information about 14 security vulnerabilities.


1) Uncaught exception (CVE-ID: CVE-2019-6809)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when reading invalid data from the controller. A remote attacker can cause a denial of service condition.

2) Reliance on untrusted inputs in a security decision (CVE-ID: CVE-2018-7850)

The vulnerability allows a remote attacker to cause modification of sensitive data.

The vulnerability exists because the application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified in a way that bypasses the protection mechanism. A remote attacker can cause invalid information to be displayed in Unity Pro software.

3) Uncaught Exception (CVE-ID: CVE-2018-7849)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an improper data integrity check when sending files to the controller over Modbus. A remote attacker can cause a denial of service condition.

4) Information disclosure (CVE-ID: CVE-2018-7848)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper input validation. A remote attacker can gain unauthorized access to SNMP information when reading files from the controller over Modbus.


5) Improper access control (CVE-ID: CVE-2018-7847)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can overwrite configuration settings of the controller over Modbus and cause a denial of service condition or potential code execution on the target system.


6) Trust boundary violation (CVE-ID: CVE-2018-7846)

The vulnerability allows a remote attacker to gain unauthorized access to the target system.

The vulnerability exists on connection to the controller because the affected product mixes trusted and untrusted data in the same data structure or structured message. A remote attacker can conduct a brute force attack on the Modbus protocol against the controller and gain unauthorized access to the target system.

7) Authentication bypass by spoofing (CVE-ID: CVE-2018-7842)

The vulnerability allows a remote attacker to escalate privileges on the system.


The vulnerability exists due to improperly implemented authentication schemes that are subject to spoofing attacks. A remote attacker can gain elevated privileges by conducting a brute force attack on Modbus parameters sent to the controller.

8) Improper access control (CVE-ID: CVE-2019-6808)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can overwrite configuration settings of the controller over Modbus and execute arbitrary code on the target system.


9) Uncaught Exception (CVE-ID: CVE-2019-6807)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when writing sensitive application variables to the controller over Modbus. A remote attacker can cause a denial of service condition.

10) Uncaught Exception (CVE-ID: CVE-2018-7855)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when sending invalid breakpoint parameters to the controller over Modbus. A remote attacker can cause a denial of service condition.

11) Uncaught Exception (CVE-ID: CVE-2018-7854)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when sending invalid debug parameters to the controller over Modbus. A remote attacker can cause a denial of service condition.

12) Uncaught Exception (CVE-ID: CVE-2018-7853)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when reading invalid physical memory blocks in the controller over Modbus. A remote attacker can cause a denial of service condition.

13) Uncaught Exception (CVE-ID: CVE-2019-6829)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when writing to specific memory addresses in the controller over Modbus. A remote attacker can cause a denial of service condition.

14) Uncaught Exception (CVE-ID: CVE-2019-6828)

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when reading specific coils and registers in the controller over Modbus. A remote attacker can cause a denial of service condition.

Remediation

Install the update from the vendor's website.