Schneider Electric Security Notification – CVE-2019-6811 (Sep 2019)

Product background: The Modicon Quantum Ethernet I/O (QEIO) automation platform is designed to meet the requirements of both the industrial automation and process industries.

Vulnerability details: An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover.

Additional info: The maximum packet length for IPv4 is 65,535 bytes, but the size of a packet on the wire is limited by the physical layer's MTU (1500 for Ethernet). Sending a larger packet therefore requires fragmentation.

IP fragmentation is an Internet Protocol (IP) process that breaks packets into smaller pieces (fragments), so that the resulting pieces can pass through a link with a smaller maximum transmission unit (MTU) than the original packet size. The fragments are reassembled by the receiving host.
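
Added example (not part of the Schneider Electric notification): a check that a monitoring sensor or filtering device in front of the module could apply to each IPv4 fragment, flagging any fragment whose data would end beyond the 65,535-byte limit once reassembled. The function names and the sample headers are constructed for illustration; the header checksum is not verified, and the fragment's own header length stands in for that of the reassembled datagram.

```python
import struct

MAX_IPV4_LEN = 65535          # largest size the 16-bit Total Length field can express
IPV4_FIXED = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header layout


def parse_fragment(header: bytes):
    """Return (datagram_key, data_offset, data_len, header_len, more_fragments)."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_off,
     _ttl, proto, _csum, src, dst) = struct.unpack(IPV4_FIXED, header[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent header length fields")
    data_offset = (flags_off & 0x1FFF) * 8   # offset field counts 8-byte units
    more_fragments = bool(flags_off & 0x2000)
    key = (src, dst, proto, ident)           # identifies the datagram being rebuilt
    return key, data_offset, total_len - header_len, header_len, more_fragments


def oversized_on_reassembly(header: bytes) -> bool:
    """True if this fragment alone pushes the reassembled datagram past 65,535 bytes.

    A reassembled datagram is as long as its header plus the furthest byte any
    fragment covers, so an oversized datagram always contains at least one
    fragment that fails this per-fragment test. No reassembly state is needed.
    """
    _key, data_offset, data_len, header_len, _mf = parse_fragment(header)
    return header_len + data_offset + data_len > MAX_IPV4_LEN


def sample_header(total_len: int, offset_units: int, mf: bool) -> bytes:
    """Constructed test header (UDP, documentation addresses, checksum left 0)."""
    flags_off = (0x2000 if mf else 0) | offset_units
    return struct.pack(IPV4_FIXED, 0x45, 0, total_len, 0x1234, flags_off,
                       64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


if __name__ == "__main__":
    for name, hdr in [("ordinary middle fragment", sample_header(1500, 185, True)),
                      ("last fragment ending exactly at limit", sample_header(23, 8189, False)),
                      ("fragment ending past limit", sample_header(1500, 8189, False))]:
        print(f"{name}: oversized={oversized_on_reassembly(hdr)}")
```
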

Remark: Scapy is a tool to generate your own packets.

Affected Product – Quantum 140 NOE771x1 version 6.9 and earlier.

Remediation: This vulnerability is fixed in version 7.0.