CVE-2019-6848
HIGHModicon M580 and BMENOC - Denial of Service via REST API
Title source: llmDescription
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://www.se.com/ww/en/download/document/SEVD-2019-281-04/
Scores
CVSS v3
8.6
EPSS
0.0267
EPSS Percentile
86.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Details
CWE
CWE-755
Status
published
Products (3)
schneider-electric/modicon_bmenoc_0311_firmware
schneider-electric/modicon_bmenoc_0321_firmware
schneider-electric/modicon_m580_firmware
Published
Oct 29, 2019
Tracked Since
Feb 18, 2026