VDB

SEVD-2019-134-11

SEVD-2019-134-11 PUBLISHED CVSS 5.300000190734863 MEDIUM

Schneider Electric is aware of multiple vulnerabilities in its Modicon Controller products. The Modicon Programmable Automation controllers are used for complex networked communication, display and control applications Failure to apply the mitigations or remediations provided below may risk execution of unsolicited command on the PLC which could result in a loss of availability of the controller February 2025 Update: Correction of vulnerabilities impacting Quantum Safety processor.

Risk Scores

CVSS v3.1
5.300000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

VendorProductVersions
Schneider Electric Modicon Premium v3.60
Schneider Electric Modicon Premium prior to 3.20
Schneider Electric Modicon M340 v3.20
Schneider Electric PLC Simulator for EcoStruxure™ Control Expert prior to 15.1
Schneider Electric Modicon MC80 BMKC80* v1.80
Schneider Electric Modicon MC80 BMKC80* prior to 1.80
Schneider Electric Modicon Premium prior to 3.60
Schneider Electric Modicon Quantum all versions
Schneider Electric Modicon M580 prior to 2.80
Schneider Electric Modicon Momentum CPU (part numbers 171CBU*) all versions
Schneider Electric Modicon M580 prior to 2.90
Schneider Electric Modicon M340 prior to 3.10
Schneider Electric Modicon M340 all versions
Schneider Electric Modicon M580 all versions
Schneider Electric Modicon M580 3.10
Schneider Electric Modicon Quantum v3.60
Schneider Electric Modicon Quantum prior to 3.60
Schneider Electric Modicon Premium all versions
Schneider Electric PLC Simulator for EcoStruxure™ Control Expert v15.1

Timeline

  • May 14, 2019 CVE Published
  • Feb 11, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›