The vulnerability of Modicon microprogrammed controllers lies in the transmission of confidential information in open text using the Modbus TCP protocol during controller programming, allowing attackers to disclose the protected information.

🗓️ 25 Nov 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Modicon controller flaw leaks data in plain text via Modbus during programming.

Reporter	Title	Published	Views	Family All 10
CVE	CVE-2019-6845	29 Oct 201914:49	–	cve
Cvelist	CVE-2019-6845	29 Oct 201914:49	–	cvelist
EUVD	EUVD-2019-16399	7 Oct 202500:30	–	euvd
NVD	CVE-2019-6845	29 Oct 201919:15	–	nvd
Tenable Nessus	Schneider-electric Modicon Cleartext Transmission of Sensitive Information	8 Nov 201900:00	–	nessus
Tenable Nessus	Schneider Electric Modicon Cleartext Transmission of Sensitive Information (CVE-2019-6845)	7 Feb 202200:00	–	nessus
Prion	Design/Logic Flaw	29 Oct 201919:15	–	prion
RedhatCVE	CVE-2019-6845	22 May 202508:48	–	redhatcve
Talos	Schneider Electric Modicon M580 UMAS cleartext data transmission vulnerability	8 Oct 201900:00	–	talos
Talos Blog	Vulnerability spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580	8 Oct 201911:36	–	talosblog

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-6845
schneider-electric	www.schneider-electric.com/en/download/document/SEVD-2019-281-03/
nvd	www.nvd.nist.gov/vuln/detail
schneider-electric	www.schneider-electric.com/en/download/document/SEVD-2019-281-03

25 Nov 2019 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 37.5

CVSS 27.8

EPSS0.00205

modicon controller confidential data plain text modbus protocol programming vulnerability remote disclosure