CVE-2019-6859

Published: Apr 22, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

Affected (10)

Products: Schneider Electric: Bmx P34x Firmware, Bmx Noe 0100 Firmware, Bmx Noe 0110 Firmware, Bmx Noc 0401 Firmware, Tsx P57x Firmware, Tsx Ety X103 Firmware, 140 Cpu6x Firmware, 140 Noe 771x1 Firmware, 140 Noc 78x00 Firmware, 140 Noc 77101 Firmware

Schneider Electric

10 products

Bmx P34x Firmware

Bmx Noe 0100 Firmware

Bmx Noe 0110 Firmware

Bmx Noc 0401 Firmware

Tsx P57x Firmware

Tsx Ety X103 Firmware

140 Cpu6x Firmware

140 Noe 771x1 Firmware

140 Noc 78x00 Firmware

140 Noc 77101 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmx P34x Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmx P34x	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmx Noe 0100 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmx Noe 0100	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmx Noe 0110 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmx Noe 0110	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Bmx Noc 0401 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Bmx Noc 0401	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsx P57x Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsx P57x	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Tsx Ety X103 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric Tsx Ety X103	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140 Cpu6x Firmware	All versions

Running on/with	Platform Versions
Schneider Electric 140 Cpu6x	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140 Noe 771x1 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric 140 Noe 771x1	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140 Noc 78x00 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric 140 Noc 78x00	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric 140 Noc 77101 Firmware	All versions

Running on/with	Platform Versions
Schneider Electric 140 Noc 77101	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://www.se.com/ww/en/download/document/SEVD-2019-316-02

Source: cybersecurity@se.com

Vendor Advisory

https://www.se.com/ww/en/download/document/SEVD-2019-316-02

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.