A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
References
Link | Resource |
---|---|
https://www.se.com/ww/en/download/document/SEVD-2019-316-02 | Vendor Advisory |
https://www.se.com/ww/en/download/document/SEVD-2019-316-02 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
21 Nov 2024, 04:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.se.com/ww/en/download/document/SEVD-2019-316-02 - Vendor Advisory |
03 Feb 2022, 15:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:se:140_noc_77101_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:bmx_noc_0401_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:140_noe_771x1_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:bmx_p34x_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:140_cpu6x_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:bmx_noe_0100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:tsx_p57x_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:tsx_ety_x103_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:se:140_noc_78x00_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:se:bmx_noe_0100:-:*:*:*:*:*:*:* |
cpe:2.3:o:schneider-electric:140_noe_771x1_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:140_noc_78x00_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:bmx_noe_0110_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:tsx_ety_x103_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:bmx_p34x_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:bmx_noc_0401_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:bmx_noe_0100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:140_cpu6x_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:bmx_noe_0100:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:140_noc_77101_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:tsx_p57x_firmware:*:*:*:*:*:*:*:* |
31 Jan 2022, 19:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:se:140_noc_77101:-:*:*:*:*:*:*:* cpe:2.3:h:se:140_noe_771x1:-:*:*:*:*:*:*:* cpe:2.3:h:se:bmx_noe_0110:-:*:*:*:*:*:*:* cpe:2.3:h:se:140_cpu6x:-:*:*:*:*:*:*:* cpe:2.3:h:se:tsx_ety_x103:-:*:*:*:*:*:*:* cpe:2.3:h:se:tsx_p57x:-:*:*:*:*:*:*:* cpe:2.3:h:se:140_noc_78x00:-:*:*:*:*:*:*:* cpe:2.3:h:se:bmx_p34x:-:*:*:*:*:*:*:* |
cpe:2.3:h:schneider-electric:tsx_ety_x103:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:140_noe_771x1:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:140_cpu6x:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:bmx_noc_0401:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:tsx_p57x:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:140_noc_78x00:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:140_noc_77101:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:bmx_p34x:-:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:bmx_noe_0110:-:*:*:*:*:*:*:* |
Information
Published : 2020-04-22 19:15
Updated : 2024-11-21 04:47
NVD link : CVE-2019-6859
Mitre link : CVE-2019-6859
CVE.ORG link : CVE-2019-6859
JSON object : View
Products Affected
schneider-electric
- 140_noc_78x00
- tsx_ety_x103_firmware
- bmx_noe_0110_firmware
- bmx_noc_0401_firmware
- 140_noe_771x1
- bmx_noc_0401
- 140_noe_771x1_firmware
- 140_cpu6x_firmware
- bmx_noe_0100
- 140_noc_78x00_firmware
- tsx_ety_x103
- bmx_p34x_firmware
- 140_noc_77101
- bmx_noe_0110
- tsx_p57x
- 140_cpu6x
- tsx_p57x_firmware
- bmx_noe_0100_firmware
- bmx_p34x
- 140_noc_77101_firmware
CWE
CWE-798
Use of Hard-coded Credentials