The vulnerability of Modicon microprogrammed controllers, related to the use of the Modbus service provided by the REST API, allows a hacker to disclose protected information.

🗓️ 25 Nov 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

The Modicon controllers have a Modbus via REST API vulnerability that can disclose protected information remotely.

Reporter	Title	Published	Views	Family All 12
CNVD	Schneider Electric Modicon M580/BMENOC 0311/BMENOC 0321 Information Disclosure Vulnerability (CNVD-2019-44958)	30 Oct 201900:00	–	cnvd
CVE	CVE-2019-6849	29 Oct 201914:53	–	cve
Cvelist	CVE-2019-6849	29 Oct 201914:53	–	cvelist
EUVD	EUVD-2019-16403	7 Oct 202500:30	–	euvd
NCSC	Vulnerabilities fixed in Schneider Electric products	14 May 202100:00	–	ncsc
NCSC	Vulnerabilities fixed in Schneider Electric products	15 Dec 202100:00	–	ncsc
NVD	CVE-2019-6849	29 Oct 201919:15	–	nvd
Tenable Nessus	Schneider-electric Modicon Exposure of Sensitive Information to an Unauthorized Actor	8 Nov 201900:00	–	nessus
Tenable Nessus	Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2019-6849)	7 Feb 202200:00	–	nessus
Prion	Information disclosure	29 Oct 201919:15	–	prion

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-6849
schneider-electric	www.schneider-electric.com/en/download/document/SEVD-2019-281-04/
nvd	www.nvd.nist.gov/vuln/detail
schneider-electric	www.schneider-electric.com/en/download/document/SEVD-2019-281-04

25 Nov 2019 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 37.5

CVSS 27.8

EPSS0.00322

Modicon controllers Modbus service REST API information disclosure remote exploitation