Schneider fixes DoS vulnerability in Modicon and EcoStruxure products

Schneider Electric recently resolved DoS vulnerabilities in Modicon M580, M340, Quantum, and Premium controllers, and stated that all three defects were caused by improper inspections.

The three vulnerabilities are:

• CVE-2019-6857: CVSS v3.0 is 7.5, which is highly dangerous. When using Modbus TCP to read specific memory blocks, the vulnerability could cause the controller to experience a DoS attack.
• CVE-2019-6856: CVSS v3.0 score is also 7.5, which is high risk. DoS attacks can be caused when using Modbus TCP to write specific physical memory blocks.
• CVE-2018-7794: CVSS v3.0 score is 5.9, which is moderately dangerous. When the index of the data read using Modbus TCP is invalid, the vulnerability may cause a DoS attack.

Vulnerabilities have been reported by Mengmeng Young and Gideon Guo (CVE-2019-6857), Chansim Deng (CVE-2019-6856) and Younes Dragoni from Nozomi Networks (CVE-2018-7794). Schneider also informed its users that three products under EcoStruxure (power SCADA Operation ‘s power monitoring software, etc.) have multiple vulnerabilities.

According to an Applied Risk report, the vulnerability stems from a serious stack overflow vulnerability that hackers can use to trigger DoS. The report also states: “A vulnerability was identified within Schneider ClearSCADA, which would allow an attacker to modify system-wide configuration and data files. This vulnerability arose through insecure file permissions.”

Schneider Electric also discovered a medium-level vulnerability in the EcoStruxure Control Expert programming software (which serves Modicon programmable automation controllers) that could allow hackers to bypass the authentication process between the software and the controller.

Source: SecurityAffairs