CVE-2019-6841

moderate-risk
Published 2019-10-29

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol.

Do I need to act?

-
0.50% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.9/10 Medium
NETWORK / LOW complexity

Affected Products (4)

Modicon Bmxcra Firmware
Modicon 140Cra Firmware

Affected Vendors

Schneider-Electric

References (2)

Vendor Advisory https://www.se.com/ww/en/download/document/SEVD-2019-281-02/
Vendor Advisory https://www.se.com/ww/en/download/document/SEVD-2019-281-02/
32
/ 100
moderate-risk
Severity 20/34 · Moderate
Exploitability 2/34 · Minimal
Exposure 10/34 · Low