CVE-2019-6852

🗓️ 20 Nov 2019 22:01:49Reported by schneiderType

Information Exposure vulnerability in Modicon Controllers, disclosing FTP credentials

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium lies in the ability to disclose information, allowing unauthorized access to protected data.	2 Sep 202100:00	–	bdu_fstec
CNVD	Schneider Electric M340 Communication Modules Information Disclosure Vulnerability	26 Nov 201900:00	–	cnvd
Cvelist	CVE-2019-6852	20 Nov 201922:01	–	cvelist
EUVD	EUVD-2019-16406	7 Oct 202500:30	–	euvd
NVD	CVE-2019-6852	20 Nov 201922:15	–	nvd
Prion	Hardcoded credentials	20 Nov 201922:15	–	prion
Positive Technologies	PT-2019-6021	12 Nov 201900:00	–	ptsecurity
RedhatCVE	CVE-2019-6852	22 May 202510:18	–	redhatcve
Tenable Nessus	Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2019-6852)	29 Jun 202300:00	–	nessus
Vulnrichment	CVE-2019-6852	20 Nov 201922:01	–	vulnrichment

NVD

Node

schneider-electric bmx_p34x_firmware

AND

schneider-electric bmx_p34xMatch-

Node

schneider-electric bmx_noe_0100_firmware

AND

schneider-electric bmx_noe_0100Match-

Node

schneider-electric bmx_noe_0110_firmware

AND

schneider-electric bmx_noe_0110Match-

Node

schneider-electric bmx_noc_0401_firmware

AND

schneider-electric bmx_noc_0401Match-

Node

schneider-electric tsx_p57x_firmware

AND

schneider-electric tsx_p57xMatch-

Node

schneider-electric tsx_ety_x103_firmware

AND

schneider-electric tsx_ety_x103Match-

Node

schneider-electric 140_cpu6x_firmware

AND

schneider-electric 140_cpu6xMatch-

Node

schneider-electric 140_noe_771x1_firmware

AND

schneider-electric 140_noe_771x1Match-

Node

schneider-electric 140_noc_78x00_firmware

AND

schneider-electric 140_noc_78x00Match-

Node

schneider-electric 140_noc_77101_firmware

AND

schneider-electric 140_noc_77101Match-

[
  {
    "product": "Modicon Controllers (M340 CPUs, M340 communication modules,  Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Modicon Controllers (M340 CPUs"
      },
      {
        "status": "affected",
        "version": "M340 communication modules"
      },
      {
        "status": "affected",
        "version": "Premium CPUs"
      },
      {
        "status": "affected",
        "version": "Premium communication modules"
      },
      {
        "status": "affected",
        "version": "Quantum CPUs"
      },
      {
        "status": "affected",
        "version": "Quantum communication modules - see security notification for specific versions)"
      }
    ]
  }
]

Source	Link
schneider-electric	www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/
se	www.se.com/ww/en/download/document/SEVD-2019-316-02%20/

17 Jun 2026 02:39Current

7.4High risk

Vulners AI Score7.4

CVSS 25

CVSS 3.17.5

EPSS0.01367

SSVC

CWE-200