A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
References
Link | Resource |
---|---|
https://www.se.com/ww/en/download/document/SEVD-2019-316-02 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
03 Feb 2022, 15:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:se:140_noc_77101_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:bmx_noc_0401_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:140_noe_771x1_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:bmx_p34x_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:140_cpu6x_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:bmx_noe_0100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:tsx_p57x_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:tsx_ety_x103_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:140_noc_78x00_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:se:bmx_noe_0100:-:*:*:*:*:*:*:* |
cpe:2.3:o:schneider-electric:140_noe_771x1_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:140_noc_78x00_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:bmx_noe_0110_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:tsx_ety_x103_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:bmx_p34x_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:bmx_noc_0401_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:bmx_noe_0100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:140_cpu6x_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:bmx_noe_0100:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:140_noc_77101_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:tsx_p57x_firmware:*:*:*:*:*:*:*:* |
31 Jan 2022, 19:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:se:140_noc_77101:-:*:*:*:*:*:*:* cpe:2.3:h:se:140_noe_771x1:-:*:*:*:*:*:*:* cpe:2.3:h:se:bmx_noe_0110:-:*:*:*:*:*:*:* cpe:2.3:h:se:140_cpu6x:-:*:*:*:*:*:*:* cpe:2.3:h:se:tsx_ety_x103:-:*:*:*:*:*:*:* cpe:2.3:h:se:tsx_p57x:-:*:*:*:*:*:*:* cpe:2.3:h:se:140_noc_78x00:-:*:*:*:*:*:*:* cpe:2.3:h:se:bmx_p34x:-:*:*:*:*:*:*:* |
cpe:2.3:h:schneider-electric:tsx_ety_x103:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:140_noe_771x1:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:140_cpu6x:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:bmx_noc_0401:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:tsx_p57x:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:140_noc_78x00:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:140_noc_77101:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:bmx_p34x:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:bmx_noe_0110:-:*:*:*:*:*:*:* |
Information
Published : 2020-04-22 19:15
Updated : 2024-02-04 21:00
NVD link : CVE-2019-6859
Mitre link : CVE-2019-6859
CVE.ORG link : CVE-2019-6859
JSON object : View
Products Affected
schneider-electric
- 140_noe_771x1_firmware
- tsx_p57x
- bmx_p34x_firmware
- 140_noe_771x1
- bmx_p34x
- 140_noc_77101_firmware
- bmx_noe_0100_firmware
- bmx_noe_0100
- bmx_noc_0401
- 140_noc_77101
- 140_noc_78x00_firmware
- 140_noc_78x00
- bmx_noe_0110_firmware
- 140_cpu6x_firmware
- 140_cpu6x
- tsx_p57x_firmware
- bmx_noc_0401_firmware
- bmx_noe_0110
- tsx_ety_x103
- tsx_ety_x103_firmware
CWE
CWE-798
Use of Hard-coded Credentials