{"containers": {"cna": {"affected": [{"product": "Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info)"}]}], "descriptions": [{"lang": "en", "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "CWE-755: Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-19T12:18:21.000Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6848", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info)", "version": {"version_data": [{"version_value": "Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-755: Improper Handling of Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/", "refsource": "MISC", "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:31:04.396Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/"}]}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2019-6848", "datePublished": "2019-10-29T14:53:10.000Z", "dateReserved": "2019-01-25T00:00:00.000Z", "dateUpdated": "2024-08-04T20:31:04.396Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "21CD1BE7-A4EC-4F24-AF27-18FE74D3B3D4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_bmenoc_0311_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "198E2FA8-C256-488A-B708-94FA10715459", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_bmenoc_0311:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9765691-FAFF-4187-A162-FCE25720C181", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_bmenoc_0321_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EB1E46D-5A3F-4757-9147-465A63C12B61", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_bmenoc_0321:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6F92B09-1AF6-4EE5-BD09-2441B66F51C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module."}, {"lang": "es", "value": "Existe una vulnerabilidad CWE-755: Manejo inadecuado de condiciones excepcionales en la CPU Modicon M580 (BMEx58*) y en el m\u00f3dulo de comunicaci\u00f3n Modicon M580 (BMENOC0311, BMENOC0321) (consulte la notificaci\u00f3n para obtener informaci\u00f3n sobre la versi\u00f3n), que podr\u00eda provocar un ataque de denegaci\u00f3n de servicio en el PLC al enviar datos espec\u00edficos en la API REST del controlador/m\u00f3dulo de comunicaci\u00f3n"}], "id": "CVE-2019-6848", "lastModified": "2024-11-21T04:47:16.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-29T19:15:22.330", "references": [{"source": "cybersecurity@se.com", "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.se.com/ww/en/download/document/SEVD-2019-281-04/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "cybersecurity@se.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}