CVE-2019-6816

Published: May 22, 2019Modified: Nov 21, 2024

9.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol.

Affected (1)

Products: Schneider Electric: Modicon Quantum Firmware

Schneider Electric

1 product

Modicon Quantum Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon Quantum Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon Quantum	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

https://www.schneider-electric.com/en/download/document/SEVD-2019-134-09/

Source: cybersecurity@se.com

Vendor Advisory

https://www.schneider-electric.com/en/download/document/SEVD-2019-134-09/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.