Lucene search

[email protected]CVE-2019-6859

HistoryApr 22, 2020 - 7:15 p.m.

CVE-2019-6859

2020-04-2219:15:00

CWE-798

[email protected]

web.nvd.nist.gov

cve-2019-6859

cwe-798

modicon controllers

hardcoded credentials

security vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.7%

JSON

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

CPENameOperatorVersion
schneider-electric:bmx_p34x_firmwareschneider-electric bmx p34x firmwareeq*
schneider-electric:bmx_noe_0100_firmwareschneider-electric bmx noe 0100 firmwareeq*
schneider-electric:bmx_noe_0110_firmwareschneider-electric bmx noe 0110 firmwareeq*
schneider-electric:bmx_noc_0401_firmwareschneider-electric bmx noc 0401 firmwareeq*
schneider-electric:tsx_p57x_firmwareschneider-electric tsx p57x firmwareeq*
schneider-electric:tsx_ety_x103_firmwareschneider-electric tsx ety x103 firmwareeq*
schneider-electric:140_cpu6x_firmwareschneider-electric 140 cpu6x firmwareeq*
schneider-electric:140_noe_771x1_firmwareschneider-electric 140 noe 771x1 firmwareeq*
schneider-electric:140_noc_78x00_firmwareschneider-electric 140 noc 78x00 firmwareeq*
schneider-electric:140_noc_77101_firmwareschneider-electric 140 noc 77101 firmwareeq*

CPE	Name	Operator	Version
schneider-electric:bmx_p34x_firmware	schneider-electric bmx p34x firmware	eq	*
schneider-electric:bmx_noe_0100_firmware	schneider-electric bmx noe 0100 firmware	eq	*
schneider-electric:bmx_noe_0110_firmware	schneider-electric bmx noe 0110 firmware	eq	*
schneider-electric:bmx_noc_0401_firmware	schneider-electric bmx noc 0401 firmware	eq	*
schneider-electric:tsx_p57x_firmware	schneider-electric tsx p57x firmware	eq	*
schneider-electric:tsx_ety_x103_firmware	schneider-electric tsx ety x103 firmware	eq	*
schneider-electric:140_cpu6x_firmware	schneider-electric 140 cpu6x firmware	eq	*
schneider-electric:140_noe_771x1_firmware	schneider-electric 140 noe 771x1 firmware	eq	*
schneider-electric:140_noc_78x00_firmware	schneider-electric 140 noc 78x00 firmware	eq	*
schneider-electric:140_noc_77101_firmware	schneider-electric 140 noc 77101 firmware	eq	*

References

www.se.com/ww/en/download/document/SEVD-2019-316-02

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.7%

JSON

Related for CVE-2019-6859

nessus1 prion1 cvelist1