19 December 2019

Multiple vulnerabilities in Modicon controllers

Multiple vulnerabilities have been identified in Schneider Electric’s Modicon controllers which, if exploited, could lead to denial-of-service conditions. A CVSS v3.0 base score of 7.5 was calculated for two of the three vulnerabilities, CVE-2019-6857 and CVE-2019-6856. The severity score calculated for the third vulnerability, CVE-2018-7794, is 5.9. All three flaws are Improper Check for Unusual or Exceptional Conditions vulnerabilities.

The vulnerabilities affect the following Schneider Electric products:

  • Modicon M580
  • Modicon M340
  • Modicon Quantum
  • Modicon Premium 

Firmware updates that fix the above vulnerabilities are available on the vendor's website.

Source: Schneider Electric