CVE-2019-6829 Schneider Electric CVE debrief

Who should care

OT/ICS operators using Schneider Electric Modicon M580 or M340 controllers, especially teams that expose Modbus/TCP, use EcoStruxure Control Expert for project transfers, or manage segmented/remote-access industrial networks. Security teams responsible for PLC patching, network segmentation, firewall policy, and control-system availability should also prioritize this advisory.

Technical summary

The source corpus describes an uncaught exception vulnerability in Schneider Electric Modicon controller firmware. An attacker who can send Modbus writes to specific memory addresses may cause the controller to stop functioning normally, creating a denial-of-service condition. The affected product matrix in the advisory identifies Modicon M580 firmware versions prior to v2.90 and Modicon M340 firmware versions prior to v3.10, while the remediation section also references fixed firmware branches and required project/workstation updates. The advisory further recommends compensating controls such as application passwords, ACLs, segmentation, and blocking unauthorized access to TCP port 502.

Defensive priority

High — the condition is network-reachable, requires no listed privileges, and can impact controller availability on OT assets that may be operationally critical.

Recommended defensive actions

• Patch affected controllers to vendor-fixed firmware for the correct branch and hardware model; verify the exact version path in the Schneider Electric guidance before scheduling maintenance.
• Update EcoStruxure Control Expert to the vendor-recommended version, then rebuild and re-transfer controller projects so they match the new firmware.
• Set an application password in project properties to reduce unauthorized project or control changes.
• Restrict Modbus/TCP exposure: segment the OT network, block unauthorized access to TCP port 502, and enforce ACLs where supported.
• Apply secure communications guidance from the Schneider Electric reference manual, including IPsec/VPN options where appropriate for the architecture.
• For M580 deployments, enable CPU memory protection where supported; if Hot Standby constraints prevent it, rely on the vendor-recommended IPsec protections and segmentation measures.

Evidence notes

The vulnerability description, affected-product list, and remediation steps come from the Schneider Electric/CISA source corpus for CVE-2019-6829. The advisory notes a denial-of-service condition when writing to specific memory addresses over Modbus, and the remediation text identifies firmware and engineering-workstation updates plus compensating controls such as segmentation and blocking port 502/TCP. The source item metadata shows publishedAt 2019-05-14T16:48:40Z and modifiedAt 2026-04-23T06:00:00Z; those dates reflect advisory publication/record updates, not a new vulnerability date. The revision history in the corpus shows later updates to remediation information and links, so operators should validate the exact model/firmware branch against the vendor matrix before applying changes.

Official resources