← Back

CVE-2019-6851

nvd nist
Published: Oct 29, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.

Affected (23)

Schneider Electric
23 products
Modicon M580 Firmware
Modicon M340 Firmware
Tsxmcpc002m Firmware
Tsxmcpc512k Firmware
Tsxmfp0128p2 Firmware
Tsxmfp064p2 Firmware
Tsxmfpp001m Firmware
Tsxmfpp002m Firmware
Tsxmfpp004m Firmware
Tsxmfpp224k Firmware
Tsxmfpp384k Firmware
Tsxmfpp512k Firmware
Tsxmrpc001m Firmware
Tsxmrpc002m Firmware
Tsxmrpc003m Firmware
Tsxmrpc007m Firmware
Tsxmrpc01m7 Firmware
Tsxmrpc448k Firmware
Tsxmrpc768k Firmware
Tsxmrpf004m Firmware
Tsxmrpf008m Firmware
Tsxmrpp224k Firmware
Tsxmrpp384k Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M580 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M580
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Modicon M340 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Modicon M340
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmcpc002m Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmcpc002m
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmcpc512k Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmcpc512k
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmfp0128p2 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmfp0128p2
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmfp064p2 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmfp064p2
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmfpp001m Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmfpp001m
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmfpp002m Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmfpp002m
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmfpp004m Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmfpp004m
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmfpp224k Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmfpp224k
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmfpp384k Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmfpp384k
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmfpp512k Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmfpp512k
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmrpc001m Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmrpc001m
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmrpc002m Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmrpc002m
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmrpc003m Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmrpc003m
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmrpc007m Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmrpc007m
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmrpc01m7 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmrpc01m7
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmrpc448k Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmrpc448k
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmrpc768k Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmrpc768k
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmrpf004m Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmrpf004m
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmrpf008m Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmrpf008m
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmrpp224k Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmrpp224k
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tsxmrpp384k Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Tsxmrpp384k
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

References (2)

Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.