CVE-2019-6852

Published: Nov 20, 2019Modified: May 28, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

Affected (10)

Products: Schneider Electric: Bmx P34x Firmware, Bmx Noe 0100 Firmware, Bmx Noe 0110 Firmware, Bmx Noc 0401 Firmware, Tsx P57x Firmware, Tsx Ety X103 Firmware, 140 Cpu6x Firmware, 140 Noe 771x1 Firmware, 140 Noc 78x00 Firmware, 140 Noc 77101 Firmware

Schneider Electric

10 products

Bmx P34x Firmware

Bmx Noe 0100 Firmware

Bmx Noe 0110 Firmware

Bmx Noc 0401 Firmware

Tsx P57x Firmware

Tsx Ety X103 Firmware

140 Cpu6x Firmware

140 Noe 771x1 Firmware

140 Noc 78x00 Firmware

140 Noc 77101 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmx P34x Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmx P34x	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmx Noe 0100 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmx Noe 0100	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmx Noe 0110 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmx Noe 0110	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmx Noc 0401 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmx Noc 0401	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsx P57x Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsx P57x	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsx Ety X103 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsx Ety X103	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140 Cpu6x Firmware	All versions

Running on/with	Platform Versions
Schneider Electric 140 Cpu6x	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140 Noe 771x1 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric 140 Noe 771x1	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140 Noc 78x00 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric 140 Noc 78x00	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140 Noc 77101 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric 140 Noc 77101	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (3)

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/

Source: cybersecurity@se.com

Not ApplicableVendor Advisory

https://www.se.com/ww/en/download/document/SEVD-2019-316-02%20/

Source: nvd@nist.gov

Vendor Advisory

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/

Source: af854a3a-2127-422b-91ae-364da2661108

Not ApplicableVendor Advisory

Timeline

No history available yet.