PatchSiren

CVE-2019-6830 Schneider Electric CVE debrief

CVE-2019-6830 is a Schneider Electric Modicon M580 controller vulnerability where an uncaught exception can lead to a possible denial of service if the controller receives an appropriately timed HTTP request. The primary security impact is loss of availability in an OT environment, not code execution or data theft. The supplied CISA advisory and vendor notice recommend upgrading the controller to SV4.20 or above, updating EcoStruxure Control Expert to v16.0, rebuilding and transferring projects, and hardening access with application passwords, segmentation, firewall controls, and secure communications.

Vendor: Schneider Electric
Product: Modicon M580 Controller
CVSS: MEDIUM 5.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2019-05-14
Original CVE updated: 2026-04-23
Advisory published: 2019-05-14
Advisory updated: 2026-04-23

Who should care

OT/ICS operators running Schneider Electric Modicon M580 controllers, plant engineers maintaining EcoStruxure Control Expert projects, and defenders responsible for segmentation and remote-access controls around PLC environments.

Technical summary

The issue is an uncaught-exception condition in Modicon M580 firmware. A carefully timed HTTP request can trigger the fault and cause a denial-of-service condition on the controller. The supplied advisory lists Modicon M580 firmware versions prior to v2.80 as affected and points to firmware SV4.20 or above as the fix, along with project updates in EcoStruxure Control Expert and OT network hardening measures.

Defensive priority

Medium overall, but high priority for any exposed or mission-critical M580 deployment because the impact is controller availability loss in an industrial process.

Recommended defensive actions

  • Update Modicon M580 controller firmware to SV4.20 or above, per the vendor remediation.
  • Update EcoStruxure Control Expert to v16.0 and set the controller firmware version in the project to match the target device.
  • Rebuild and transfer current projects after the firmware upgrade.
  • Set an application password in project properties.
  • Segment the OT network and use a firewall to block unauthorized access, including port 502/TCP where applicable.
  • Review and apply Schneider Electric ACL and secure-communications guidance, including IPsec configuration options described in the vendor documents.
  • If using M580 Hot Standby CPUs, use IPsec encrypted communication because CPU memory protection cannot be configured there; otherwise enable CPU memory protection where supported.
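The checklist above can be run against an asset inventory. The following is an added example, not code from Schneider Electric or CISA: the `Controller` record, its field names, and the sample inventory are constructed assumptions, while the SV4.20 threshold and the Hot Standby rule come from the actions listed above.

```python
import re
from dataclasses import dataclass

FIXED_FIRMWARE = (4, 20)  # "SV4.20 or above", per the remediation listed above

@dataclass
class Controller:  # hypothetical inventory record; field names are assumptions
    name: str
    firmware: str             # as recorded, e.g. "SV4.20" or "v2.70"
    hot_standby: bool
    app_password: bool
    memory_protection: bool
    ipsec: bool
    modbus_502_filtered: bool

def parse_version(text):
    """Turn 'SV4.20', 'v2.70' or '2.80' into a comparable (major, minor) tuple."""
    m = re.fullmatch(r"\s*(?:SV|V)?\s*(\d+)\.(\d+)\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def audit(c):
    """Return the list of open remediation items for one controller."""
    findings = []
    try:
        if parse_version(c.firmware) < FIXED_FIRMWARE:
            findings.append("firmware below SV4.20")
    except ValueError:
        findings.append("firmware version unreadable, verify manually")
    if not c.app_password:
        findings.append("no application password set")
    if not c.modbus_502_filtered:
        findings.append("502/TCP not restricted by firewall")
    if c.hot_standby:
        # Memory protection cannot be configured on Hot Standby CPUs: require IPsec.
        if not c.ipsec:
            findings.append("Hot Standby CPU without IPsec")
    elif not c.memory_protection:
        findings.append("CPU memory protection not enabled")
    return findings

# Constructed sample inventory (not real devices).
INVENTORY = [
    Controller("line1-plc", "v2.70", False, False, False, False, False),
    Controller("line2-hsby", "SV4.20", True, True, False, False, True),
    Controller("line3-plc", "SV4.21", False, True, True, False, True),
]

def report(inventory):
    return {c.name: audit(c) for c in inventory}

if __name__ == "__main__":
    for name, findings in report(INVENTORY).items():
        print(name, "OK" if not findings else "; ".join(findings))
```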

Evidence notes

The supplied source corpus ties CVE-2019-6830 to CISA advisory ICSA-25-114-01 and Schneider Electric security notice SEVD-2019-134-11. The advisory description states that an uncaught exception can cause a possible denial of service when an appropriately timed HTTP request is sent to the controller. The source item lists Modicon M580 firmware versions prior to v2.80 as affected and remediation at SV4.20 or above. Timing context: the CVE was published on 2019-05-14 and the advisory was later revised multiple times; the supplied latest modified date is 2026-04-23. No KEV listing is present in the supplied data.

Official resources

Publicly disclosed by Schneider Electric and mirrored by CISA on 2019-05-14. The supplied advisory was revised over time, with the latest supplied modification date of 2026-04-23. The supplied data does not list this CVE in CISA KEV.