EUVD-2019-16406

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Information Exposure vulnerability in Modicon Controllers could disclose hardcoded FTP credentials.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium lies in the ability to disclose information, allowing unauthorized access to protected data.	2 Sep 202100:00	–	bdu_fstec
CNVD	Schneider Electric M340 Communication Modules Information Disclosure Vulnerability	26 Nov 201900:00	–	cnvd
CVE	CVE-2019-6852	20 Nov 201922:01	–	cve
Cvelist	CVE-2019-6852	20 Nov 201922:01	–	cvelist
NVD	CVE-2019-6852	20 Nov 201922:15	–	nvd
Prion	Hardcoded credentials	20 Nov 201922:15	–	prion
Positive Technologies	PT-2019-6021	12 Nov 201900:00	–	ptsecurity
RedhatCVE	CVE-2019-6852	22 May 202510:18	–	redhatcve
Tenable Nessus	Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2019-6852)	29 Jun 202300:00	–	nessus
Vulnrichment	CVE-2019-6852	20 Nov 201922:01	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "eebb4085-fc81-3139-825e-074ad7d26f69",
        "vendor": {
          "name": "Schneider Electric"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "12e11f99-9620-3679-b2bb-dd83b86760b2",
        "product": {
          "name": "Modicon Controllers (M340 CPUs, M340 communication modules,  Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions)"
        },
        "product_version": "Modicon Controllers (M340 CPUs"
      },
      {
        "id": "25b85ba4-84ec-39d9-9841-32b49b610c56",
        "product": {
          "name": "Modicon Controllers (M340 CPUs, M340 communication modules,  Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions)"
        },
        "product_version": "Quantum CPUs"
      },
      {
        "id": "4fc77af2-1d77-3aa1-a6cd-cffb38305a7e",
        "product": {
          "name": "Modicon Controllers (M340 CPUs, M340 communication modules,  Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions)"
        },
        "product_version": "Premium communication modules"
      },
      {
        "id": "8120be81-c8c6-33cb-b6bc-05f00d8be0d8",
        "product": {
          "name": "Modicon Controllers (M340 CPUs, M340 communication modules,  Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions)"
        },
        "product_version": "Premium CPUs"
      },
      {
        "id": "aaf72cc5-716d-3a0e-bd2c-de1530295ff9",
        "product": {
          "name": "Modicon Controllers (M340 CPUs, M340 communication modules,  Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions)"
        },
        "product_version": "M340 communication modules"
      },
      {
        "id": "f79d8850-11b5-3020-85b9-6feae7210933",
        "product": {
          "name": "Modicon Controllers (M340 CPUs, M340 communication modules,  Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions)"
        },
        "product_version": "Quantum communication modules - see security notification for specific versions)"
      }
    ]
  }
]

Source	Link
schneider-electric	www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.5

CVSS 25

EPSS0.01367