CVE-2019-6845

Published: Oct 29, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol.

Affected (23)

Products: Schneider Electric: Modicon M580 Firmware, Modicon M340 Firmware, Tsxmcpc002m Firmware, Tsxmcpc512k Firmware, Tsxmfp0128p2 Firmware, Tsxmfp064p2 Firmware, Tsxmfpp001m Firmware, Tsxmfpp002m Firmware, Tsxmfpp004m Firmware, Tsxmfpp224k Firmware, Tsxmfpp384k Firmware, Tsxmfpp512k Firmware, Tsxmrpc001m Firmware, Tsxmrpc002m Firmware, Tsxmrpc003m Firmware, Tsxmrpc007m Firmware, Tsxmrpc01m7 Firmware, Tsxmrpc448k Firmware, Tsxmrpc768k Firmware, Tsxmrpf004m Firmware, Tsxmrpf008m Firmware, Tsxmrpp224k Firmware, Tsxmrpp384k Firmware

Schneider Electric

23 products

Modicon M580 Firmware

Modicon M340 Firmware

Tsxmcpc002m Firmware

Tsxmcpc512k Firmware

Tsxmfp0128p2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M580 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M580	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Modicon M340 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Modicon M340	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmcpc002m Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmcpc002m	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmcpc512k Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmcpc512k	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmfp0128p2 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmfp0128p2	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmfp064p2 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmfp064p2	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmfpp001m Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmfpp001m	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmfpp002m Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmfpp002m	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmfpp004m Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmfpp004m	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmfpp224k Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmfpp224k	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmfpp384k Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmfpp384k	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmfpp512k Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmfpp512k	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmrpc001m Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmrpc001m	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmrpc002m Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmrpc002m	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmrpc003m Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmrpc003m	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmrpc007m Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmrpc007m	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmrpc01m7 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmrpc01m7	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmrpc448k Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmrpc448k	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmrpc768k Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmrpc768k	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmrpf004m Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmrpf004m	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmrpf008m Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmrpf008m	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmrpp224k Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmrpp224k	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsxmrpp384k Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsxmrpp384k	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03

Source: cybersecurity@se.com

Vendor Advisory

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.