CVE-2019-6821

Sažetak

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.

Reference

https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/
http://www.securityfocus.com/bid/108366
https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

03-02-2022 - 14:30

Objavljeno

22-05-2019 - 20:29