CVE-2019-6821
First published: Wed May 22 2019(Updated: )
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Modicon M580 Firmware | <2.30 | |
| Schneider-electric Modicon M580 | ||
| Schneider-electric Modicon M340 Firmware | ||
| Schneider-electric Modicon M340 | ||
| Schneider-electric Modicon Quantum Firmware | ||
| Schneider-electric Modicon Quantum | ||
| Schneider-electric Modicon Premium Firmware | ||
| Schneider-electric Modicon Premium |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-6821?
CVE-2019-6821 is a vulnerability that is categorized as CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in certain firmware versions of Modicon M580 and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
What is the severity of CVE-2019-6821?
CVE-2019-6821 has a severity score of 6.5, which is considered medium.
What is the affected software for CVE-2019-6821?
The affected software for CVE-2019-6821 includes certain firmware versions of Modicon M580 (prior to V2.30) and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
How can CVE-2019-6821 be exploited?
CVE-2019-6821 can be exploited by hijacking the TCP connection when using Ethernet communication in the affected firmware versions of Modicon M580 and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
Where can I find more information about CVE-2019-6821?
More information about CVE-2019-6821 can be found at the following references: [SecurityFocus](http://www.securityfocus.com/bid/108366), [ICS-CERT](https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01), [Schneider-electric](https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/)
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric modicon m580 firmware
- canonical/schneider-electric modicon m580
- canonical/schneider-electric modicon m340 firmware
- canonical/schneider-electric modicon m340
- canonical/schneider-electric modicon quantum firmware
- canonical/schneider-electric modicon quantum
- canonical/schneider-electric modicon premium firmware
- canonical/schneider-electric modicon premium