Main Vulnerability Database Vulnerabilities #VU21480

#VU21480 Improper Check for Unusual or Exceptional Conditions in BMXNOR0200H Ethernet / Serial RTU module - CVE-2019-6831

Published: October 2, 2019

Vulnerability identifier: #VU21480

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-6831

CWE-ID:

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
BMXNOR0200H Ethernet / Serial RTU module

Software vendor:
Schneider Electric

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.

The vulnerability exits due to the affected software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software. A remote attacker can send an unusually high number of IEC 60870-5-104 packets to the module on port 2404/TCP, cause disconnection of active connections and perform a denial of service attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/

#VU21480 Improper Check for Unusual or Exceptional Conditions in BMXNOR0200H Ethernet / Serial RTU module - CVE-2019-6831

Description

Remediation

External links

Please verify you're human