描述
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
AI分析AI驱动
受影响产品
schneider-electricmodicon_m580_firmware
schneider-electricmodicon_m580
-
schneider-electricmodicon_m340_firmware
schneider-electricmodicon_m340
-
schneider-electricmodicon_quantum_firmware
schneider-electricmodicon_quantum
-
schneider-electricmodicon_premium_firmware
schneider-electricmodicon_premium
-
参考资料
- http://www.securityfocus.com/bid/108366Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01Third Party AdvisoryUS Government Resource
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/PatchVendor Advisory
- http://www.securityfocus.com/bid/108366Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01Third Party AdvisoryUS Government Resource
- https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/PatchVendor Advisory