CVE-2019-6813

moderate-risk

Published 2019-09-17

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.

Do I need to act?

0.51% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (2)

Modicon M340 Firmware

Bmxnor0200H Firmware

Affected Vendors

Schneider-Electric

References (6)

Third Party Advisory https://security.cse.iitk.ac.in/responsible-disclosure

Vendor Advisory https://www.schneider-electric.com/en/download/document/SEVD-2019-225-02/

Vendor Advisory https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/

Third Party Advisory https://security.cse.iitk.ac.in/responsible-disclosure

Vendor Advisory https://www.schneider-electric.com/en/download/document/SEVD-2019-225-02/

Vendor Advisory https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 7/34 · Low