VDB
CVE-2019-6848
CVE-2019-6848
PUBLISHED
CVSS 8.600000381469727 HIGH
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module.
EPSS 2.67% · 86.1th percentile
Risk Scores
CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
2.67%
86.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| schneider-electric | modicon_bmenoc_0311_firmware | |
| schneider-electric | modicon_bmenoc_0321_firmware | |
| schneider-electric | modicon_m580_firmware | |
| n/a | Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info) | Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info) |
Exploit Intelligence
- https://www.se.com/ww/en/download/document/SEVD-2019-281-04/ (circl)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
…and 131 more exploits
Timeline
- Oct 8, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Jun 28, 2021 PoC Published
- Aug 24, 2021 EPSS Score
- Dec 11, 2021 PoC Published
- Dec 13, 2021 PoC Published
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
References
- https://www.se.com/ww/en/download/document/SEVD-2019-281-04/ url
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-01 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-04 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-04 advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05 advisory
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-281-02_Modicon_Controllers.pdf&p_Doc_Ref=SEVD-2019-281-02 advisory
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-134-04-Floating-License-Manager-Update_V2.1.pdf&p_Doc_Ref=SEVD-2019-134-04 advisory
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-327-01-Embedded-Web-Servers-Modicon+V3.0.pdf&p_Doc_Ref=SEVD-2018-327-01 advisory
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-281-04_Modicon_Controllers.pdf&p_Doc_Ref=SEVD-2019-281-04 advisory
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-281-01_Modicon_Controllers.pdf&p_Doc_Ref=SEVD-2019-281-01 advisory
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-225-04_SoMachine_SoMove_V2.0.pdf&p_Doc_Ref=SEVD-2019-225-04 advisory
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-281-03_Modicon_Controllers.pdf&p_Doc_Ref=SEVD-2019-281-03 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-6848 advisory
- https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04 url
- https://www.se.com/ww/en/download/document/SEVD-2019-281-04 url