19 December 2019
Multiple vulnerabilities in Modicon controllers
Multiple vulnerabilities have been identified in Schneider Electric’s Modicon controllers, which, if exploited, could lead to denial-of-service conditions. A CVSS v3.0 base score of 7.5 was calculated for two of the three vulnerabilities – CVE-2019-6857 and CVE-2019-6856. The severity score calculated for the third vulnerability – CVE-2018-7794 – is 5.9. All three flaws are Improper Check for Unusual or Exceptional Conditions vulnerabilities.
The vulnerabilities affect the following Schneider Electric products:
- Modicon M580
- Modicon M340
- Modicon Quantum
- Modicon Premium
Firmware updates that fix the above vulnerabilities are available on the vendor's website.
Source: Schneider Electric