Main Vulnerability Database Vulnerabilities #VU21480

Improper Check for Unusual or Exceptional Conditions in BMXNOR0200H Ethernet / Serial RTU module - CVE-2019-6831

Published: October 2, 2019

Vulnerability identifier: #VU21480

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-6831

CWE-ID:

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Schneider Electric

Affected software:
BMXNOR0200H Ethernet / Serial RTU module

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.

The vulnerability exits due to the affected software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software. A remote attacker can send an unusually high number of IEC 60870-5-104 packets to the module on port 2404/TCP, cause disconnection of active connections and perform a denial of service attack.

How to mitigate CVE-2019-6831

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/

Improper Check for Unusual or Exceptional Conditions in BMXNOR0200H Ethernet / Serial RTU module - CVE-2019-6831

Detailed vulnerability description

How to mitigate CVE-2019-6831

Sources

Please verify you're human