6.5
CVE-2019-6821
- EPSS 0.24%
- Veröffentlicht 22.05.2019 20:29:02
- Zuletzt bearbeitet 21.11.2024 04:47:13
- Quelle cybersecurity@se.com
- Teams Watchlist Login
- Unerledigt Login
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Schneider-electric ≫ Modicon M580 Firmware Version < 2.30
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.441 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.