Detections
Analytics
Schneider Electric Modicon Ethernet Serial RTU Improper Check For Unusual or Exceptional Conditions (CVE-2019-6831)
high Tenable OT Security Plugin ID 501214
Synopsis
The remote OT asset is affected by a vulnerability.Description
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Schneider Electric recommends users set up network segmentation and implement a firewall to block all unauthorized access to Port 2404/TCP and SNMP Port 161/UDP.
For more information, see the Schneider Electric security notification.
See Also
https://security.cse.iitk.ac.in/responsible-disclosure
https://www.cisa.gov/news-events/ics-advisories/icsa-20-044-01
Plugin Details
Severity: High
ID: 501214
Version: 1.6
Type: remote
Family: Tenable.ot
Published: 6/29/2023
Updated: 9/4/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2019-6831
CVSS v3
Risk Factor: High
Base Score: 8.6
Temporal Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:schneider-electric:bmxnor0200h_firmware
Required KB Items: Tenable.ot/Schneider
Exploit Ease: No known exploits are available
Patch Publication Date: 9/17/2019
Vulnerability Publication Date: 9/17/2019
Reference Information
CVE: CVE-2019-6831
CWE: 754
ICSA: 20-044-01