Multiple vulnerabilities in Schneider Electric Modicon Controllers



Published: 2019-09-17 | Updated: 2019-10-03
Risk: High
Patch available: YES
Number of vulnerabilities: 14
CVE-ID: CVE-2019-6809, CVE-2018-7850, CVE-2018-7849, CVE-2018-7848, CVE-2018-7847, CVE-2018-7846, CVE-2018-7842, CVE-2019-6808, CVE-2019-6807, CVE-2018-7855, CVE-2018-7854, CVE-2018-7853, CVE-2019-6829, CVE-2019-6828
CWE-ID: CWE-248, CWE-807, CWE-200, CWE-284, CWE-290
Exploitation vector: Network
Public exploit: Public exploit code is available for vulnerabilities #3, #4, #6, #7, #9, #10, #11 and #12.
Vulnerable software:
Modicon Quantum (Hardware solutions / Firmware)
Modicon Premium (Hardware solutions / Firmware)
Modicon M340 (Hardware solutions / Firmware)
Modicon M580 (Hardware solutions / Firmware)
Vendor: Schneider Electric

Security Bulletin

This security bulletin contains information about 14 vulnerabilities.

1) Uncaught exception

EUVDB-ID: #VU21478

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6809

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when reading invalid data from the controller. A remote attacker can cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: before 3.10

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Reliance on untrusted inputs in a security decision

EUVDB-ID: #VU21510

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7850

CWE-ID: CWE-807 - Reliance on Untrusted Inputs in a Security Decision

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause modification of sensitive data.

The vulnerability exists because the application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified in a way that bypasses the protection mechanism. A remote attacker can cause invalid information to be displayed in Unity Pro software.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: before 3.10

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Uncaught Exception

EUVDB-ID: #VU21502

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-7849

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an improper data integrity check when sending files to the controller over Modbus. A remote attacker can cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: before 3.10

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0737


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Information disclosure

EUVDB-ID: #VU21501

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-7848

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper input validation. A remote attacker can gain unauthorized access to SNMP information when reading files from the controller over Modbus.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: before 3.10

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Improper access control

EUVDB-ID: #VU21499

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7847

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can overwrite configuration settings of the controller over Modbus and cause a denial of service condition or potential code execution on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: before 3.10

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0742


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Trust boundary violation

EUVDB-ID: #VU21498

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-7846

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to the target system.

The vulnerability exists on connection to the controller because the affected product mixes trusted and untrusted data in the same data structure or structured message. A remote attacker can conduct a brute force attack on the Modbus protocol to the controller and gain unauthorized access to the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: before 3.10

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0735


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Authentication bypass by spoofing

EUVDB-ID: #VU21495

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-7842

CWE-ID: CWE-290 - Authentication Bypass by Spoofing

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.


The vulnerability exists due to improperly implemented authentication schemes that are subject to spoofing attacks. A remote attacker can gain elevated privileges by conducting a brute force attack on Modbus parameters sent to the controller.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: before 3.10

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0741


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Improper access control

EUVDB-ID: #VU21494

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6808

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can overwrite configuration settings of the controller over Modbus and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: before 3.10

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0771


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Uncaught Exception

EUVDB-ID: #VU21493

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-6807

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when writing sensitive application variables to the controller over Modbus. A remote attacker can cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: before 3.10

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0770


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Uncaught Exception

EUVDB-ID: #VU21489

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-7855

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when sending invalid breakpoint parameters to the controller over Modbus. A remote attacker can cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: before 3.10

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0766
http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) Uncaught Exception

EUVDB-ID: #VU21488

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-7854

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when sending invalid debug parameters to the controller over Modbus. A remote attacker can cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) Uncaught Exception

EUVDB-ID: #VU21486

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-7853

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when reading invalid physical memory blocks in the controller over Modbus. A remote attacker can cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/
http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0764


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

13) Uncaught Exception

EUVDB-ID: #VU21483

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6829

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when writing to specific memory addresses in the controller over Modbus. A remote attacker can cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon M340: before 3.10

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Uncaught Exception

EUVDB-ID: #VU21482

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6828

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to an uncaught exception when reading specific coils and registers in the controller over Modbus. A remote attacker can cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Modicon Quantum: All versions

Modicon Premium: All versions

Modicon M340: before 3.10

Modicon M580: 1.04 - 2.80

External links

http://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


