Description
A CWE-330: Use of Insufficiently Random Values vulnerability exists that could allow hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and in all firmware versions of Modicon M340, Modicon Premium, and Modicon Quantum.
References (3)
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108366
Patch, Vendor Advisory x_refsource_misc
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/
Scores
CVSS v3
6.5
EPSS
0.0022
EPSS Percentile
45.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-330
Status
published
Products (4)
schneider-electric/modicon_m340_firmware
schneider-electric/modicon_m580_firmware < 2.30
schneider-electric/modicon_premium_firmware
schneider-electric/modicon_quantum_firmware
Published
May 22, 2019
Tracked Since
Feb 18, 2026