PatchSiren

PatchSiren cyber security CVE debrief

CVE-2019-6807 Schneider Electric CVE debrief

CVE-2019-6807 is an uncaught-exception flaw in Schneider Electric Modicon products that can lead to a denial of service when sensitive application variables are written to a controller over Modbus. The advisory covers multiple Modicon families, and the safest response is to apply the vendor’s fixed firmware/software for the exact platform and harden Modbus exposure while upgrading.

Vendor
Schneider Electric
Product
Modicon M580 firmware versions prior to v2.90 (other affected Modicon families and their fixed versions are listed in the advisory's product matrix)
CVSS
7.5 High (CVSS v3.1); the stored record also carries a CVSS v4.0 score of 8.7 High
CISA KEV
Not listed in stored evidence
Original CVE published
2019-05-14
Original CVE updated
2026-04-23
Advisory published
2019-05-14
Advisory updated
2026-04-23

Who should care

OT security teams, plant operators, ICS defenders, and maintenance engineers using Schneider Electric Modicon M580, M340, MC80, Momentum Unity M1E, Quantum, Premium, or EcoStruxure Control Expert environments—especially where Modbus/TCP is reachable from untrusted networks or engineering workstations.

Technical summary

The source advisory describes an uncaught exception in Modbus handling that can cause controller service disruption during writes to sensitive application variables. Schneider Electric maps the issue to several controller families and related tooling, with vendor fixes and mitigations varying by product line. The advisory’s defensive guidance centers on updating to the listed fixed versions, rebuilding/transferring projects after firmware changes, and reducing Modbus attack surface with passwords, ACLs, segmentation, and firewalling of TCP/502.

Defensive priority

High. This is a network-reachable availability issue affecting industrial controllers; the supplied record indicates no user interaction is required, and the vendor's guidance explicitly calls for limiting Modbus/TCP exposure. Prioritize internet-exposed, cross-zone, or flat-network deployments first.

Recommended defensive actions

  • Apply the vendor-specified fixed firmware/software for the affected product line in the Schneider Electric advisory.
  • For Modicon M580 and M340 environments, update the engineering workstation software first, change the controller firmware version in the project, then rebuild and transfer the project to the controller.
  • Enable application passwords in project properties where supported.
  • Restrict Modbus/TCP access with network segmentation and firewall rules blocking unauthorized access to TCP port 502.
  • Configure access control lists using the relevant Schneider Electric user manuals referenced in the advisory.
  • Use secured communications/IPsec guidance from the vendor reference manuals where supported by the platform.
  • Where Quantum or Premium systems are end-of-life, plan migration to supported platforms and apply the listed mitigations in the meantime.
  • Verify controller-specific remediation versions against the advisory matrix before maintenance windows, because the source lists different fixed versions across product families.
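While the firmware update and TCP/502 filtering are in progress, a network monitor can at least tell you who is issuing Modbus writes toward controllers. The following is an added example written for this debrief, not code from Schneider Electric or from the advisory: it parses the Modbus/TCP MBAP header and PDU, and raises an alert for any write function code (05, 06, 0F, 10, 16, 17) sent from a source outside a hypothetical engineering-workstation allowlist (10.10.1.0/24 is an assumption), or for a malformed frame. The sample frames are constructed for illustration. Because the record does not identify which register addresses hold the "sensitive application variables", the detector flags writes by source rather than by address.

```python
"""Added example (not from the advisory or the vendor): flag Modbus/TCP writes
from unexpected sources. Allowlist and sample frames are constructed."""
import struct
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Modbus function codes that modify controller state (public Modbus spec).
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x16: "Mask Write Register",
    0x17: "Read/Write Multiple Registers",
}

# Hypothetical allowlist: only the engineering workstation subnet may write.
WRITE_ALLOWLIST = [ip_network("10.10.1.0/24")]


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    payload: bytes


def parse_mbap(frame: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP request: 7-byte MBAP header followed by the PDU.

    MBAP = transaction id (2), protocol id (2, must be 0), length (2), unit id (1).
    The length field counts the unit id byte plus the PDU that follows it.
    """
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"not Modbus (protocol id {proto})")
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} != {len(frame) - 6} bytes present")
    return ModbusRequest(tid, unit, frame[7], frame[8:])


def describe_write(req: ModbusRequest) -> str:
    """Decode target address and value/quantity for the common write functions."""
    if req.function in (0x05, 0x06) and len(req.payload) >= 4:
        addr, value = struct.unpack(">HH", req.payload[:4])
        return f"addr={addr} value=0x{value:04x}"
    if req.function in (0x0F, 0x10) and len(req.payload) >= 4:
        addr, qty = struct.unpack(">HH", req.payload[:4])
        return f"addr={addr} qty={qty}"
    return "payload=" + req.payload.hex()


def check_frame(src_ip: str, frame: bytes) -> Optional[str]:
    """Return an alert for a write from a non-allowlisted source, else None."""
    req = parse_mbap(frame)
    if req.function not in WRITE_FUNCTIONS:
        return None
    src = ip_address(src_ip)
    if any(src in net for net in WRITE_ALLOWLIST):
        return None
    return (f"ALERT: {src_ip} -> unit {req.unit_id}: "
            f"{WRITE_FUNCTIONS[req.function]} ({describe_write(req)})")


def scan(flows):
    """flows: iterable of (src_ip, frame_bytes). Returns the list of alerts."""
    alerts = []
    for src_ip, frame in flows:
        try:
            alert = check_frame(src_ip, frame)
        except ValueError as exc:
            alert = f"ALERT: {src_ip}: malformed frame ({exc})"
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample traffic (not captured from a real controller).
SAMPLE_FLOWS = [
    # Read Holding Registers (0x03) from an HMI: benign.
    ("10.10.2.5", bytes.fromhex("0001 0000 0006 01 03 0000 000a")),
    # Write Multiple Registers (0x10) from the engineering subnet: allowed.
    ("10.10.1.20", bytes.fromhex("0002 0000 000b 01 10 0010 0002 04 00010002")),
    # Write Single Register (0x06) from an IT subnet: alert.
    ("192.168.50.7", bytes.fromhex("0003 0000 0006 01 06 0100 ffff")),
    # Truncated frame: alert as malformed.
    ("192.168.50.8", bytes.fromhex("0004 0000 00")),
]

if __name__ == "__main__":
    for line in scan(SAMPLE_FLOWS):
        print(line)
```

Run against the sample flows it prints two alerts: the write from 192.168.50.7 and the truncated frame. In practice the frames would come from a packet capture or a span-port tap on the OT segment; the allowlist should match whatever firewall rule you deploy for TCP/502 so the two controls stay consistent.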

Evidence notes

The supplied CISA CSAF advisory and Schneider Electric references identify an uncaught exception causing possible denial of service when writing sensitive application variables over Modbus. Remediations in the source include platform-specific fixed versions, plus mitigation steps such as application passwords, ACLs, segmentation, and blocking TCP/502. The record also contains both CVSS v4.0 (8.7 High) and CVSS 3.1 (7.5 High) metadata; this debrief prioritizes the advisory’s explicit impact description and flags the score discrepancy.

Official resources

Publicly disclosed in the source advisory on 2019-05-14T16:48:40Z; later source metadata records revisions through 2026-04-23T06:00:00Z. That later date reflects advisory updates, not the original vulnerability disclosure date.