CVE-2019-6852

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:bmx_p34x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmx_p34x:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:schneider-electric:bmx_noe_0100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmx_noe_0100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:schneider-electric:bmx_noe_0110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmx_noe_0110:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:schneider-electric:bmx_noc_0401_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmx_noc_0401:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:schneider-electric:tsx_p57x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tsx_p57x:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:schneider-electric:tsx_ety_x103_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tsx_ety_x103:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:schneider-electric:140_cpu6x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:140_cpu6x:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:schneider-electric:140_noe_771x1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:140_noe_771x1:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:schneider-electric:140_noc_78x00_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:140_noc_78x00:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:schneider-electric:140_noc_77101_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:140_noc_77101:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:47

Type Values Removed Values Added
References () https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/ - Not Applicable, Vendor Advisory () https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/ - Not Applicable, Vendor Advisory

Information

Published : 2019-11-20 22:15

Updated : 2024-11-21 04:47


NVD link : CVE-2019-6852

Mitre link : CVE-2019-6852

CVE.ORG link : CVE-2019-6852


JSON object : View

Products Affected

schneider-electric

  • 140_noc_78x00
  • tsx_ety_x103_firmware
  • bmx_noe_0110_firmware
  • bmx_noc_0401_firmware
  • 140_noe_771x1
  • bmx_noc_0401
  • 140_noe_771x1_firmware
  • 140_cpu6x_firmware
  • bmx_noe_0100
  • 140_noc_78x00_firmware
  • tsx_ety_x103
  • bmx_p34x_firmware
  • 140_noc_77101
  • bmx_noe_0110
  • tsx_p57x
  • 140_cpu6x
  • tsx_p57x_firmware
  • bmx_noe_0100_firmware
  • bmx_p34x
  • 140_noc_77101_firmware
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor