CVE-2019-6852
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
Una CWE-200: Se presenta una vulnerabilidad de Exposición de Información en los Controladores Modicon (CPU M340, módulos de comunicación M340, CPU Premium, módulos de comunicación Premium, CPU Quantum, módulos de comunicación Quantum; consulte la notificación de seguridad para versiones específicas), lo que podría causar una divulgación de credenciales embebidas en FTP cuando se utiliza el servidor web del controlador en una red no segura.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-25 CVE Reserved
- 2019-11-20 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02 | 2019-11-22 | |
| https://www.se.com/ww/en/download/document/SEVD-2019-316-02%20 | 2019-11-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Bmx P34x Firmware Search vendor "Schneider-electric" for product "Bmx P34x Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Bmx P34x Search vendor "Schneider-electric" for product "Bmx P34x" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Bmx Noe 0100 Firmware Search vendor "Schneider-electric" for product "Bmx Noe 0100 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Bmx Noe 0100 Search vendor "Schneider-electric" for product "Bmx Noe 0100" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Bmx Noe 0110 Firmware Search vendor "Schneider-electric" for product "Bmx Noe 0110 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Bmx Noe 0110 Search vendor "Schneider-electric" for product "Bmx Noe 0110" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Bmx Noc 0401 Firmware Search vendor "Schneider-electric" for product "Bmx Noc 0401 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Bmx Noc 0401 Search vendor "Schneider-electric" for product "Bmx Noc 0401" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsx P57x Firmware Search vendor "Schneider-electric" for product "Tsx P57x Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsx P57x Search vendor "Schneider-electric" for product "Tsx P57x" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsx Ety X103 Firmware Search vendor "Schneider-electric" for product "Tsx Ety X103 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsx Ety X103 Search vendor "Schneider-electric" for product "Tsx Ety X103" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140 Cpu6x Firmware Search vendor "Schneider-electric" for product "140 Cpu6x Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140 Cpu6x Search vendor "Schneider-electric" for product "140 Cpu6x" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140 Noe 771x1 Firmware Search vendor "Schneider-electric" for product "140 Noe 771x1 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140 Noe 771x1 Search vendor "Schneider-electric" for product "140 Noe 771x1" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140 Noc 78x00 Firmware Search vendor "Schneider-electric" for product "140 Noc 78x00 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140 Noc 78x00 Search vendor "Schneider-electric" for product "140 Noc 78x00" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140 Noc 77101 Firmware Search vendor "Schneider-electric" for product "140 Noc 77101 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140 Noc 77101 Search vendor "Schneider-electric" for product "140 Noc 77101" | - | - |
Safe
|