Vulnerability Details : CVE-2019-6821
A CWE-330: Use of Insufficiently Random Values vulnerability exists which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and in all firmware versions of Modicon M340, Modicon Premium, and Modicon Quantum.
Products affected by CVE-2019-6821
- cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-6821
- 0.21%: probability of exploitation activity in the next 30 days
- ~59%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-6821
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 | NIST | |
CWE ids for CVE-2019-6821
- CWE-330: Use of Insufficiently Random Values
  The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
  Assigned by:
  - cybersecurity@se.com (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2019-6821
- http://www.securityfocus.com/bid/108366
  Multiple Schneider Electric Products CVE-2019-6821 Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01
  Schneider Electric Modicon Controllers | CISA (Third Party Advisory; US Government Resource)
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/
  Security Notification - Modicon Controller | Schneider Electric (Patch; Vendor Advisory)