Use of insufficiently random values in Schneider Electric products - CVE-2019-6821
Published: June 5, 2019 / Updated: October 3, 2019
Vulnerability identifier: #VU18675
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-6821
CWE-ID: CWE-330
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: Schneider Electric
Affected software:
Modicon Quantum
Modicon Premium
Modicon M340
Modicon M580
Detailed vulnerability description
The vulnerability allows a remote attacker to guess the next generated value and impersonate another user or access sensitive information.
The vulnerability exists because the device generates predictable TCP initial sequence numbers.
A remote attacker can hijack a TCP connection carrying unsecured communication and cause information leakage.
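To check whether a device on your own network shows the weakness described above, the ISNs from a series of its SYN-ACK replies can be tested for repeating or stepped increments. The following is an added example, not part of the advisory or any vendor tooling; the function names, the 0.9 and 1024 thresholds and all sample values are assumptions constructed for illustration.

```python
"""Audit captured TCP initial sequence numbers (ISNs) for obvious predictability."""
from collections import Counter
from functools import reduce
from itertools import accumulate
from math import gcd

MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Differences between consecutive ISNs, taken modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def assess_isns(isns, min_samples=8):
    """Return (verdict, detail) for ISNs listed in the order they were observed.

    'no-pattern' only means these two heuristics found nothing; it is not
    proof that the generator is cryptographically strong.
    """
    if len(isns) < min_samples:
        raise ValueError(f"need at least {min_samples} samples")
    deltas = isn_deltas(isns)
    top_delta, top_count = Counter(deltas).most_common(1)[0]
    share = top_count / len(deltas)
    step = reduce(gcd, deltas)  # common factor shared by every increment
    if share >= 0.9:  # assumed threshold: nearly every increment is identical
        kind = "constant" if top_delta == 0 else "fixed-increment"
        return kind, f"delta {top_delta} in {share:.0%} of samples"
    if step > 1 and max(deltas) // step < 1024:  # assumed threshold
        return "stepped", f"every delta is a small multiple of {step}"
    return "no-pattern", f"{len(set(deltas))} distinct deltas, gcd {step}"


def sample(start, increments):
    """Build a constructed ISN series from a start value and increments."""
    return [v % MOD for v in accumulate(increments, initial=start)]


# Constructed samples (not captured from any real device).
FIXED = sample(0xFFFF0000, [64000] * 9)  # wraps past 2**32
STEPPED = sample(0x10000000, [64000 * k for k in (1, 3, 2, 5, 1, 4, 2, 3, 1)])
VARIED = sample(1000, [3000000001, 3000000002, 1234567891, 4000000007,
                       2718281829, 3141592653, 1618033989, 999999937])

if __name__ == "__main__":
    for name, series in (("FIXED", FIXED), ("STEPPED", STEPPED), ("VARIED", VARIED)):
        print(name, *assess_isns(series))
```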
How to mitigate CVE-2019-6821
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
The vendor recommends the following:
Modicon M340:
- Schneider Electric recommends that affected users set up network segmentation and implement a firewall to block all remote/external access to TCP ports. Configure the Access Control List following the recommendations of the Modicon M340 for Ethernet Communications Modules and Processors User Manual, in the chapter titled Messaging - Configuration Parameters, which is available here: https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=31007131_K01_000_16.pdf&p_Doc_Ref=31007131K01000
Modicon Premium and Modicon Quantum:
- Set up network segmentation and implement a firewall to block all unauthorized access to all TCP ports.