← Back to CVEs
CVE-2019-6852
HIGH7.5
Description
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published11/20/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
schneider-electric:140_cpu6xschneider-electric:140_cpu6x_firmwareschneider-electric:140_noc_77101schneider-electric:140_noc_77101_firmwareschneider-electric:140_noc_78x00schneider-electric:140_noc_78x00_firmwareschneider-electric:140_noe_771x1schneider-electric:140_noe_771x1_firmwareschneider-electric:bmx_noc_0401schneider-electric:bmx_noc_0401_firmwareschneider-electric:bmx_noe_0100schneider-electric:bmx_noe_0100_firmwareschneider-electric:bmx_noe_0110schneider-electric:bmx_noe_0110_firmwareschneider-electric:bmx_p34xschneider-electric:bmx_p34x_firmwareschneider-electric:tsx_ety_x103schneider-electric:tsx_ety_x103_firmwareschneider-electric:tsx_p57xschneider-electric:tsx_p57x_firmware
Weaknesses (CWE)
CWE-200CWE-200
References
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/(cybersecurity@se.com)
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.