CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/108366 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01 | Third Party Advisory US Government Resource |
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/ | Patch Vendor Advisory |
http://www.securityfocus.com/bid/108366 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01 | Third Party Advisory US Government Resource |
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/ | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
21 Nov 2024, 04:47
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/108366 - Third Party Advisory, VDB Entry | |
References | () https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01 - Third Party Advisory, US Government Resource | |
References | () https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/ - Patch, Vendor Advisory |
03 Feb 2022, 14:30
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/108366 - Third Party Advisory, VDB Entry | |
References | (MISC) https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 6.4
v3 : 6.5 |
31 Jan 2022, 19:45
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:se:modicon_m340:-:*:*:*:*:*:*:* |
Information
Published : 2019-05-22 20:29
Updated : 2024-11-21 04:47
NVD link : CVE-2019-6821
Mitre link : CVE-2019-6821
CVE.ORG link : CVE-2019-6821
JSON object : View
Products Affected
schneider-electric
- modicon_quantum_firmware
- modicon_m580
- modicon_m340_firmware
- modicon_quantum
- modicon_m340
- modicon_premium_firmware
- modicon_premium
- modicon_m580_firmware
CWE
CWE-330
Use of Insufficiently Random Values