CVE-2019-6846

6.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Modicon M580, Modicon M340, Modicon Bmxcra And 140cra Modules (all Firmware Versions)
Vendor: CVE Published:; 29 October 2019

Summary

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.

Affected Version(s)

Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware ) Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)

References

https://www.schneider-electric.com/ww/en/download/documen...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2019
Vulnerability Reserved
Jan 25, 2019

Collectors

NVD DatabaseMitre Database