Information Exposure in Modicon M580 and BMENOC Products by Schneider Electric
CVE-2019-6849

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M580, Modicon Bmenoc 0311, Modicon Bmenoc 0321
Vendor: CVE Published:; 29 October 2019

Summary

An information exposure vulnerability has been identified in Schneider Electric's Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321 devices. This issue arises when specific Modbus services are accessed via the REST API of the controller or communication module. If exploited, this vulnerability could lead to unauthorized disclosure of sensitive information, potentially impacting the security and integrity of the system.

Affected Version(s)

Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321 Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321

References

https://www.schneider-electric.com/ww/en/download/documen...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2019
Vulnerability Reserved
Jan 25, 2019