Main Vulnerability Database Vulnerabilities #VU21484

Improper Check for Unusual or Exceptional Conditions in Modicon Quantum 140 NOE771x1 - CVE-2019-6811

Published: October 2, 2019

Vulnerability identifier: #VU21484

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-6811

CWE-ID:

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Schneider Electric

Affected software:
Modicon Quantum 140 NOE771x1

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.

The vulnerability exits due to the affected software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software. A remote attacker can send a specially crafted IP fragmented packet with a length greater than 65535 bytes to the module and cause a denial of service condition.

How to mitigate CVE-2019-6811

Install updates from vendor's website.

Sources

https://www.schneider-electric.com/en/download/document/SEVD-2019-253-02/

Improper Check for Unusual or Exceptional Conditions in Modicon Quantum 140 NOE771x1 - CVE-2019-6811

Detailed vulnerability description

How to mitigate CVE-2019-6811

Sources

Please verify you're human