CRITICAL🇵🇱 Wersja polska

CVE-2019-6808

CVSS 9.8v3.1pub. 2019-05-22upd. 2024-11-21

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric Modicon M340

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Firmware

    OS
    Schneider-Electric
    < 3.10
  • Schneider Electric Modicon M580

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M580 Firmware

    OS
    Schneider-Electric
    < 2.90
  • Schneider Electric Modicon Premium

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon Premium Firmware

    OS
    Schneider-Electric
    ≤ 3.20
  • Schneider Electric Modicon Quantum

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon Quantum Firmware

    OS
    Schneider-Electric
    ≤ 3.60
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2020-7475CRITICAL9.8ten sam produkt

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), ...

CVE-2018-7842CRITICAL9.8ten sam produkt

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon...

CVE-2018-7846CRITICAL9.8ten sam produkt

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of th...

CVE-2018-7847CRITICAL9.8ten sam produkt

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Mod...

CVE-2019-6815CRITICAL9.1ten sam produkt

In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities...