Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Modicon M580 by Schneider Electric SE

    CVE-2019-6830 (GCVE-0-2019-6830)

    Vulnerability from nvd – Published: 2019-09-17 19:21 – Updated: 2024-08-04 20:31
    VLAI
    Summary
    A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M580 Affected: all versions prior to V2.80
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.286Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions prior to V2.80"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-17T19:21:12.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2019-6830",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions prior to V2.80"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-248: Uncaught Exception"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2019-6830",
        "datePublished": "2019-09-17T19:21:12.000Z",
        "dateReserved": "2019-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:31:04.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6829 (GCVE-0-2019-6829)

    Vulnerability from nvd – Published: 2019-09-17 19:44 – Updated: 2026-05-29 14:35
    VLAI
    Summary
    A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-248 - A CWE-248: Uncaught Exception
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M580 Affected: firmware version prior to V2.90
    Create a notification for this product.
    Schneider Electric SE Modicon M340 Affected: firmware version prior to V3.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-6829",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:34:30.342289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:35:20.646Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version prior to V2.90"
                }
              ]
            },
            {
              "product": "Modicon M340",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version prior to V3.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "A CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-17T19:44:12.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2019-6829",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version prior to V2.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Modicon M340",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version prior to V3.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "A CWE-248: Uncaught Exception"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2019-6829",
        "datePublished": "2019-09-17T19:44:12.000Z",
        "dateReserved": "2019-01-25T00:00:00.000Z",
        "dateUpdated": "2026-05-29T14:35:20.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-6828 (GCVE-0-2019-6828)

    Vulnerability from nvd – Published: 2019-09-17 19:59 – Updated: 2024-08-04 20:31
    VLAI
    Summary
    A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version prior to V2.90"
                }
              ]
            },
            {
              "product": "Modicon M340",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version prior to V3.10"
                }
              ]
            },
            {
              "product": "Modicon Premium",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "Modicon Quantum",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-17T19:59:33.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2019-6828",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version prior to V2.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Modicon M340",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version prior to V3.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Modicon Premium",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Modicon Quantum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-248: Uncaught Exception"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2019-6828",
        "datePublished": "2019-09-17T19:59:33.000Z",
        "dateReserved": "2019-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:31:04.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6809 (GCVE-0-2019-6809)

    Vulnerability from nvd – Published: 2019-09-17 19:50 – Updated: 2024-08-04 20:31
    VLAI
    Summary
    A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.229Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version prior to V2.90"
                }
              ]
            },
            {
              "product": "Modicon M340",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version prior to V3.10"
                }
              ]
            },
            {
              "product": "Modicon Premium",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "Modicon Quantum",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-17T19:50:29.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2019-6809",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version prior to V2.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Modicon M340",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version prior to V3.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Modicon Premium",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Modicon Quantum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-248: Uncaught Exception"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2019-6809",
        "datePublished": "2019-09-17T19:50:29.000Z",
        "dateReserved": "2019-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:31:04.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6828 (GCVE-0-2019-6828)

    Vulnerability from cvelistv5 – Published: 2019-09-17 19:59 – Updated: 2024-08-04 20:31
    VLAI
    Summary
    A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version prior to V2.90"
                }
              ]
            },
            {
              "product": "Modicon M340",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version prior to V3.10"
                }
              ]
            },
            {
              "product": "Modicon Premium",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "Modicon Quantum",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-17T19:59:33.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2019-6828",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version prior to V2.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Modicon M340",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version prior to V3.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Modicon Premium",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Modicon Quantum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-248: Uncaught Exception"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2019-6828",
        "datePublished": "2019-09-17T19:59:33.000Z",
        "dateReserved": "2019-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:31:04.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6809 (GCVE-0-2019-6809)

    Vulnerability from cvelistv5 – Published: 2019-09-17 19:50 – Updated: 2024-08-04 20:31
    VLAI
    Summary
    A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.229Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version prior to V2.90"
                }
              ]
            },
            {
              "product": "Modicon M340",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version prior to V3.10"
                }
              ]
            },
            {
              "product": "Modicon Premium",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "Modicon Quantum",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-17T19:50:29.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2019-6809",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version prior to V2.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Modicon M340",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version prior to V3.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Modicon Premium",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Modicon Quantum",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-248: Uncaught Exception"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2019-6809",
        "datePublished": "2019-09-17T19:50:29.000Z",
        "dateReserved": "2019-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:31:04.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6829 (GCVE-0-2019-6829)

    Vulnerability from cvelistv5 – Published: 2019-09-17 19:44 – Updated: 2026-05-29 14:35
    VLAI
    Summary
    A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-248 - A CWE-248: Uncaught Exception
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M580 Affected: firmware version prior to V2.90
    Create a notification for this product.
    Schneider Electric SE Modicon M340 Affected: firmware version prior to V3.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-6829",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:34:30.342289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:35:20.646Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version prior to V2.90"
                }
              ]
            },
            {
              "product": "Modicon M340",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version prior to V3.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "A CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-17T19:44:12.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2019-6829",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version prior to V2.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Modicon M340",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version prior to V3.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "A CWE-248: Uncaught Exception"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2019-6829",
        "datePublished": "2019-09-17T19:44:12.000Z",
        "dateReserved": "2019-01-25T00:00:00.000Z",
        "dateUpdated": "2026-05-29T14:35:20.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-6830 (GCVE-0-2019-6830)

    Vulnerability from cvelistv5 – Published: 2019-09-17 19:21 – Updated: 2024-08-04 20:31
    VLAI
    Summary
    A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M580 Affected: all versions prior to V2.80
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.286Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions prior to V2.80"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-17T19:21:12.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2019-6830",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions prior to V2.80"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-248: Uncaught Exception"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2019-6830",
        "datePublished": "2019-09-17T19:21:12.000Z",
        "dateReserved": "2019-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:31:04.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }