← Back

CVE-2019-6846

nvd nist
Published: Oct 29, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.

Affected (4)

Schneider Electric
4 products
Modicon M580 Firmware
Modicon M340 Firmware
Modicon Bmxcra Firmware
Modicon 140cra Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M580 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M580
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon Bmxcra Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon Bmxcra
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon 140cra Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon 140cra
All versions

Related CWEs

CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.