Jared Rittle and Patrick DeSantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, the majority of which can cause a denial of service. The Modicon M580 is the latest in Schneider Electric's Modicon line of programmable automation controllers. The majority of the bugs we will discuss exist in the Modicon's use of FTP.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Schneider Electric to ensure that these issues are resolved and that an update is available for affected customers. Talos previously disclosed a separate round of vulnerabilities in this product in June.
Vulnerability details
Schneider Electric Modicon M580 FTP cleartext authentication vulnerability (TALOS-2019-0827/CVE-2019-6846)
An exploitable information disclosure vulnerability exists in the FTP functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. An attacker can sniff network traffic to exploit this vulnerability.
For more information on this vulnerability, read the complete advisory here.
Schneider Electric Modicon M580 mismatched firmware image FTP upgrade denial-of-service vulnerability (TALOS-2019-0825/CVE-2019-6844)
An exploitable denial of service vulnerability exists in the FTP firmware update functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted firmware image can cause the device to enter a r ..
Support the originator by clicking the read the rest link below.
