{"containers": {"cna": {"affected": [{"product": "Modicon Controllers, Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum", "vendor": "n/a", "versions": [{"status": "affected", "version": "Modicon Controllers, Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum"}]}], "descriptions": [{"lang": "en", "value": "CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-330", "description": "CWE-330: Use of Insufficiently Random Values", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-06-17T19:34:06", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01"}, {"name": "108366", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108366"}, {"tags": ["x_refsource_MISC"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6821", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Modicon Controllers, Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum", "version": {"version_data": [{"version_value": "Modicon Controllers, Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-330: Use of Insufficiently Random Values"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01"}, {"name": "108366", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108366"}, {"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:31:04.471Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01"}, {"name": "108366", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108366"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/"}]}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2019-6821", "datePublished": "2019-05-22T19:42:06", "dateReserved": "2019-01-25T00:00:00", "dateUpdated": "2024-08-04T20:31:04.471Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C29962C-3387-47C9-AA01-76AF84E4D4A0", "versionEndExcluding": "2.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum."}, {"lang": "es", "value": "Una CWE-330: Una vulnerabilidad de Uso Insuficientes de  valores aleatorios, podr\u00eda generar el secuestro de la conexi\u00f3n TCP cuando se utiliza el protocolo de comunicaci\u00f3n Ethernet en Modicon M580 versiones de firmware anteriores a V2.30, y todas las versiones de firmware de Modicon M340, Modicon Premium, Modicon Quantum."}], "id": "CVE-2019-6821", "lastModified": "2024-11-21T04:47:13.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-22T20:29:02.183", "references": [{"source": "cybersecurity@se.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108366"}, {"source": "cybersecurity@se.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01"}, {"source": "cybersecurity@se.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108366"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "cybersecurity@se.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-330"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}