CVE-2019-6859

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:bmx_p34x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmx_p34x:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:schneider-electric:bmx_noe_0100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmx_noe_0100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:schneider-electric:bmx_noe_0110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmx_noe_0110:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:schneider-electric:bmx_noc_0401_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmx_noc_0401:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:schneider-electric:tsx_p57x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tsx_p57x:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:schneider-electric:tsx_ety_x103_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tsx_ety_x103:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:schneider-electric:140_cpu6x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:140_cpu6x:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:schneider-electric:140_noe_771x1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:140_noe_771x1:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:schneider-electric:140_noc_78x00_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:140_noc_78x00:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:schneider-electric:140_noc_77101_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:140_noc_77101:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:47

Type Values Removed Values Added
References () https://www.se.com/ww/en/download/document/SEVD-2019-316-02 - Vendor Advisory () https://www.se.com/ww/en/download/document/SEVD-2019-316-02 - Vendor Advisory

03 Feb 2022, 15:20

Type Values Removed Values Added
CPE cpe:2.3:o:se:bmx_noe_0110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:140_noc_77101_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:bmx_noc_0401_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:140_noe_771x1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:bmx_p34x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:140_cpu6x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:bmx_noe_0100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:tsx_p57x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:tsx_ety_x103_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:se:140_noc_78x00_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:se:bmx_noe_0100:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:140_noe_771x1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:140_noc_78x00_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:bmx_noe_0110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:tsx_ety_x103_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:bmx_p34x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:bmx_noc_0401_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:bmx_noe_0100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:140_cpu6x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmx_noe_0100:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:140_noc_77101_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:tsx_p57x_firmware:*:*:*:*:*:*:*:*

31 Jan 2022, 19:52

Type Values Removed Values Added
CPE cpe:2.3:h:se:bmx_noc_0401:-:*:*:*:*:*:*:*
cpe:2.3:h:se:140_noc_77101:-:*:*:*:*:*:*:*
cpe:2.3:h:se:140_noe_771x1:-:*:*:*:*:*:*:*
cpe:2.3:h:se:bmx_noe_0110:-:*:*:*:*:*:*:*
cpe:2.3:h:se:140_cpu6x:-:*:*:*:*:*:*:*
cpe:2.3:h:se:tsx_ety_x103:-:*:*:*:*:*:*:*
cpe:2.3:h:se:tsx_p57x:-:*:*:*:*:*:*:*
cpe:2.3:h:se:140_noc_78x00:-:*:*:*:*:*:*:*
cpe:2.3:h:se:bmx_p34x:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tsx_ety_x103:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:140_noe_771x1:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:140_cpu6x:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmx_noc_0401:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:tsx_p57x:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:140_noc_78x00:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:140_noc_77101:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmx_p34x:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmx_noe_0110:-:*:*:*:*:*:*:*

Information

Published : 2020-04-22 19:15

Updated : 2024-11-21 04:47


NVD link : CVE-2019-6859

Mitre link : CVE-2019-6859

CVE.ORG link : CVE-2019-6859


JSON object : View

Products Affected

schneider-electric

  • 140_noc_78x00
  • tsx_ety_x103_firmware
  • bmx_noe_0110_firmware
  • bmx_noc_0401_firmware
  • 140_noe_771x1
  • bmx_noc_0401
  • 140_noe_771x1_firmware
  • 140_cpu6x_firmware
  • bmx_noe_0100
  • 140_noc_78x00_firmware
  • tsx_ety_x103
  • bmx_p34x_firmware
  • 140_noc_77101
  • bmx_noe_0110
  • tsx_p57x
  • 140_cpu6x
  • tsx_p57x_firmware
  • bmx_noe_0100_firmware
  • bmx_p34x
  • 140_noc_77101_firmware
CWE
CWE-798

Use of Hard-coded Credentials