#VU18675 Use of insufficiently random values in Schneider Electric products - CVE-2019-6821
Published: June 5, 2019 / Updated: October 3, 2019
Vulnerability identifier: #VU18675
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-6821
CWE-ID: CWE-330
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Modicon Quantum
Modicon Premium
Modicon M340
Modicon M580
Modicon Quantum
Modicon Premium
Modicon M340
Modicon M580
Software vendor:
Schneider Electric
Schneider Electric
Description
The vulnerability allows a remote attacker to guess the next generated value and impersonate another user or access sensitive information.
The vulnerability exists due to the device has predictable TCP initial sequence numbers.
A remote attacker can hijack TCP connection carrying unsecured communication and cause information leakage.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
A vendor recommends to:
Modicon M340:
-
Schneider Electric recommends that affected users set up network segmentation and implement a firewall to block all remote/external access to TCP ports. Configure the Access Control List following the recommendations of the user manual Modicon M340 for Ethernet Communications Modules and Processors User Manual, in the chapter titled Messaging
- Configuration Parameters, which is available here: https://download.schneiderelectric.com/files?p_enDocType=User+guide&p_File_Name=31007131_K01_000_16.pdf&p_Doc_Ref=31007131K01000
Modicon Premium and Modicon Quantum:
- Set up network segmentation and implement a firewall to block all unauthorized access to all TCP ports.