CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/108366 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01 | Third Party Advisory US Government Resource |
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/ | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
No history.
Information
Published : 2019-05-22 20:29
Updated : 2024-02-28 17:08
NVD link : CVE-2019-6821
Mitre link : CVE-2019-6821
CVE.ORG link : CVE-2019-6821
JSON object : View
Products Affected
schneider-electric
- modicon_m580_firmware
- modicon_premium
- modicon_premium_firmware
- modicon_m580
- modicon_m340
- modicon_quantum
- modicon_quantum_firmware
- modicon_m340_firmware
CWE
CWE-330
Use of Insufficiently Random Values