Cleartext Transmission Vulnerability in Schneider Electric Modicon Devices
CVE-2019-6846

6.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Modicon M580, Modicon M340, Modicon Bmxcra And 140cra Modules (all Firmware Versions)
Vendor: CVE Published:; 29 October 2019

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2019-6846?

A vulnerability exists in various Schneider Electric Modicon devices, including the M580, M340, BMxCRA, and 140CRA modules, due to the unencrypted transmission of sensitive data over the FTP protocol. This flaw could allow unauthorized parties to capture sensitive information during transmission, potentially compromising the security of the system. Users are advised to ensure secure data transfer methods are employed and to monitor for any unauthorized access.

Affected Version(s)

Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware ) Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)

References

https://www.schneider-electric.com/ww/en/download/documen...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2019
Vulnerability Reserved
Jan 25, 2019