Information Exposure in Modicon M580 and Communication Modules by Schneider Electric
CVE-2019-6850

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M580, Modicon Bmenoc 0311, Modicon Bmenoc 0321
Vendor: CVE Published:; 29 October 2019

Summary

A vulnerability exists in specific models of Modicon controllers and communication modules, which allows unauthorized access to sensitive information through the REST API. This may lead to the unintended disclosure of critical data when specific registers are accessed. Users of the affected versions should assess their systems and implement appropriate security measures to mitigate potential risks.

Affected Version(s)

Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321 Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321

References

https://www.schneider-electric.com/ww/en/download/documen...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2019
Vulnerability Reserved
Jan 25, 2019