CVE-2019-6820
First published: Wed May 22 2019(Updated: )
A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Modicon M100 Firmware | ||
| Schneider-electric Modicon M100 | ||
| Schneider-electric Modicon M200 Firmware | ||
| Schneider-electric Modicon M200 | ||
| Schneider-electric Modicon M221 Firmware | ||
| Schneider-electric Modicon M221 | ||
| Schneider-electric Atv Imc Drive Controller Firmware | ||
| Schneider-electric Atv Imc Drive Controller | ||
| Schneider-electric Modicon M241 Firmware | ||
| Schneider-electric Modicon M241 | ||
| Schneider-electric Modicon M251 Firmware | ||
| Schneider-electric Modicon M251 | ||
| Schneider-electric Modicon M258 Firmware | ||
| Schneider-electric Modicon M258 | ||
| Schneider-electric Modicon Lmc058 Firmware | ||
| Schneider-electric Modicon Lmc058 | ||
| Schneider-electric Modicon Lmc078 Firmware | ||
| Schneider-electric Modicon Lmc078 | ||
| Schneider-electric Pacdrive Eco Firmware | ||
| Schneider-electric Pacdrive Eco | ||
| Schneider-electric Pacdrive Pro Firmware | ||
| Schneider-electric Pacdrive Pro | ||
| Schneider-electric Pacdrive Pro2 Firmware | ||
| Schneider-electric Pacdrive Pro2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-6820.
What is the severity rating for CVE-2019-6820?
CVE-2019-6820 has a severity rating of 8.2 (high).
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-306.
Which devices are affected by CVE-2019-6820?
Modicon M100, Modicon M200, Modicon M221, and ATV IMC Drive Controller are affected by CVE-2019-6820.
How can I fix CVE-2019-6820?
Please refer to the following link for information on how to fix CVE-2019-6820: [CVE-2019-6820 Fix](https://www.schneider-electric.com/en/download/document/SEVD-2019-134-02/).
- collector/nvd-index
- agent/references
- agent/weakness
- agent/event
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric modicon m100 firmware
- canonical/schneider-electric modicon m100
- canonical/schneider-electric modicon m200 firmware
- canonical/schneider-electric modicon m200
- canonical/schneider-electric modicon m221 firmware
- canonical/schneider-electric modicon m221
- canonical/schneider-electric atv imc drive controller firmware
- canonical/schneider-electric atv imc drive controller
- canonical/schneider-electric modicon m241 firmware
- canonical/schneider-electric modicon m241
- canonical/schneider-electric modicon m251 firmware
- canonical/schneider-electric modicon m251
- canonical/schneider-electric modicon m258 firmware
- canonical/schneider-electric modicon m258
- canonical/schneider-electric modicon lmc058 firmware
- canonical/schneider-electric modicon lmc058
- canonical/schneider-electric modicon lmc078 firmware
- canonical/schneider-electric modicon lmc078
- canonical/schneider-electric pacdrive eco firmware
- canonical/schneider-electric pacdrive eco
- canonical/schneider-electric pacdrive pro firmware
- canonical/schneider-electric pacdrive pro
- canonical/schneider-electric pacdrive pro2 firmware
- canonical/schneider-electric pacdrive pro2