#VU21479 Improper Check for Unusual or Exceptional Conditions in BMXNOR0200H Ethernet / Serial RTU module and Modicon M340 - CVE-2019-6813
Published: October 2, 2019
Vulnerability identifier: #VU21479
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-6813
CWE-ID:
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
BMXNOR0200H Ethernet / Serial RTU module
Modicon M340
BMXNOR0200H Ethernet / Serial RTU module
Modicon M340
Software vendor:
Schneider Electric
Schneider Electric
Description
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.
The vulnerability exits due to the affected software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software. A remote attacker can send a specially crafted truncated SNMP packets to the port 161/UDP on the affected device and cause a denial of service condition.
The vulnerability exits due to the affected software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software. A remote attacker can send a specially crafted truncated SNMP packets to the port 161/UDP on the affected device and cause a denial of service condition.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.