TROYANOSYVIRUS
Volver a CVEs

CVE-2019-6852

HIGH
7.5

Descripcion

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

Detalles CVE

Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado11/20/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

schneider-electric:140_cpu6xschneider-electric:140_cpu6x_firmwareschneider-electric:140_noc_77101schneider-electric:140_noc_77101_firmwareschneider-electric:140_noc_78x00schneider-electric:140_noc_78x00_firmwareschneider-electric:140_noe_771x1schneider-electric:140_noe_771x1_firmwareschneider-electric:bmx_noc_0401schneider-electric:bmx_noc_0401_firmwareschneider-electric:bmx_noe_0100schneider-electric:bmx_noe_0100_firmwareschneider-electric:bmx_noe_0110schneider-electric:bmx_noe_0110_firmwareschneider-electric:bmx_p34xschneider-electric:bmx_p34x_firmwareschneider-electric:tsx_ety_x103schneider-electric:tsx_ety_x103_firmwareschneider-electric:tsx_p57xschneider-electric:tsx_p57x_firmware

Debilidades (CWE)

CWE-200CWE-200

Referencias

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/(cybersecurity@se.com)
https://www.se.com/ww/en/download/document/SEVD-2019-316-02%20/(nvd@nist.gov)
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.