CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
53.8%
An exploitable information disclosure vulnerability exists in the UMAS functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. An attacker can sniff network traffic to exploit this vulnerability.
Schneider Electric Modicon M580 BMEP582040 SV2.80
<https://www.schneider-electric.com/en/work/campaign/m580-epac/>
5.9 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-319: Cleartext Transmission of Sensitive Information
The Modicon M580 is the latest in Schneider Electricβs Modicon line of Programmable Automation Controllers. The device boasts a Wurldtech Achilles Level 2 certification and global policy controls to quickly enforce various security configurations. Communication with the device is possible over FTP, TFTP, HTTP, SNMP, EtherNet/IP, Modbus, and a management protocol referred to as UMAS.
When transferring a new strategy or reading the existing strategy of the Modicon M580 via device programming software, the UMAS management protocol is used. This protocol sends and receives cleartext data, allowing anyone sniffing traffic to view any transmitted information. If the transfer of a new strategy by the device programming software is sniffed, it is possible to obtain sensitive information such as the device SNMP community strings.
2019-05-08 - Vendor Disclosure
2019-05-09 - Vendor issued inquiry re: duplicate issue
2019-05-10 - Talos provided additional details to support issue not being a duplicate
2019-09-10 - Disclosure extension provided to vendor
2019-09-13 - Vendor assigned CVE
2019-10-08 - Public Release
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
53.8%