{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-21T15:29:27.831","vulnerabilities":[{"cve":{"id":"CVE-2019-6844","sourceIdentifier":"cybersecurity@se.com","published":"2019-10-29T19:15:22.047","lastModified":"2026-06-17T02:39:47.017","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol."},{"lang":"es","value":"Existe una vulnerabilidad CWE-755: Manejo inadecuado de condiciones excepcionales en Modicon M580, Modicon M340, Modicon BMxCRA y los módulos 140CRA (todas las versiones de firmware), lo que podría causar un ataque de Denegación de Servicio en el PLC cuando se actualiza el controlador con un paquete de firmware que contiene una imagen del servidor web no válida usando el protocolo FTP"}],"affected":[{"source":"cybersecurity@se.com","affectedData":[{"vendor":"n/a","product":"Modicon M580, Modicon M340, and Modicon BMxCRA / 140CRA modules (see notification for version info)","versions":[{"version":"Modicon M580, Modicon M340, and Modicon BMxCRA / 140CRA modules (see notification for version info)","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-755"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-755"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"D52D735D-8AB5-40FE-A83F-266977601571"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*","matchCriteriaId":"E876C738-ABF6-4864-98A6-1E06E96A0DF4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"05CBA9AD-ECB7-453F-8551-DD176FDE8043"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*","matchCriteriaId":"138681A2-0146-492B-8E10-06849FC27C6E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_bmxcra_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"E4E41AAB-05A3-43A4-B97A-34F265E25F40"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_bmxcra:-:*:*:*:*:*:*:*","matchCriteriaId":"F80F2F1C-F681-4498-942E-31EDA9CF79F8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_140cra_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"76F5D4B2-1C0A-45E8-993C-DBBA4F745345"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_140cra:-:*:*:*:*:*:*:*","matchCriteriaId":"94575CFC-1395-4BB4-8D4F-AA41F7068A26"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2019-281-02/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2019-281-02/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}