← Back

CVE-2019-6821

nvd nist
Published: May 22, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 / Impact: 2.5
Source: NVD

Description

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.

Affected (4)

Schneider Electric
4 products
Modicon M580 Firmware
Modicon M340 Firmware
Modicon Quantum Firmware
Modicon Premium Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M580 Firmware
Before 2.30
Running on/withPlatform Versions
Schneider Electric
Modicon M580
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Quantum Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Quantum
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Premium Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Premium
All versions

Related CWEs

CWE-330
Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References (6)

Source: cybersecurity@se.com
Third Party AdvisoryVDB Entry
Source: cybersecurity@se.com
Third Party AdvisoryUS Government Resource
Source: cybersecurity@se.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.