CVE-2019-6848 - OpenCVE

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Modicon Bmenoc 0311 Modicon Bmenoc 0311 Firmware Modicon Bmenoc 0321 Modicon Bmenoc 0321 Firmware Modicon M580 Modicon M580 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m580_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:modicon_bmenoc_0311_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_bmenoc_0311:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:modicon_bmenoc_0321_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_bmenoc_0321:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.se.com/ww/en/download/document/SEVD-2019-281-04/

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2019-10-29T14:53:10

Updated: 2024-08-04T20:31:04.396Z

Reserved: 2019-01-25T00:00:00

Link: CVE-2019-6848

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-10-29T19:15:22.330

Modified: 2021-04-19T13:15:13.340

Link: CVE-2019-6848

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info)"}]}], "descriptions": [{"lang": "en", "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "CWE-755: Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-19T12:18:21", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6848", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info)", "version": {"version_data": [{"version_value": "Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-755: Improper Handling of Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/", "refsource": "MISC", "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:31:04.396Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/"}]}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2019-6848", "datePublished": "2019-10-29T14:53:10", "dateReserved": "2019-01-25T00:00:00", "dateUpdated": "2024-08-04T20:31:04.396Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "21CD1BE7-A4EC-4F24-AF27-18FE74D3B3D4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_bmenoc_0311_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "198E2FA8-C256-488A-B708-94FA10715459", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_bmenoc_0311:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9765691-FAFF-4187-A162-FCE25720C181", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_bmenoc_0321_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EB1E46D-5A3F-4757-9147-465A63C12B61", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_bmenoc_0321:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6F92B09-1AF6-4EE5-BD09-2441B66F51C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module."}, {"lang": "es", "value": "Existe una vulnerabilidad CWE-755: Manejo inadecuado de condiciones excepcionales en la CPU Modicon M580 (BMEx58*) y en el m\u00f3dulo de comunicaci\u00f3n Modicon M580 (BMENOC0311, BMENOC0321) (consulte la notificaci\u00f3n para obtener informaci\u00f3n sobre la versi\u00f3n), que podr\u00eda provocar un ataque de denegaci\u00f3n de servicio en el PLC al enviar datos espec\u00edficos en la API REST del controlador/m\u00f3dulo de comunicaci\u00f3n"}], "id": "CVE-2019-6848", "lastModified": "2021-04-19T13:15:13.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-29T19:15:22.330", "references": [{"source": "cybersecurity@se.com", "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-755"}], "source": "cybersecurity@se.com", "type": "Secondary"}]}