Information Disclosure Vulnerability in Schneider Electric's Modicon Controllers
CVE-2019-6851

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all Firmware Versions)
Vendor: CVE Published:; 29 October 2019

Summary

An information disclosure vulnerability exists in Schneider Electric's Modicon M580, M340, Premium, and Quantum controllers across all firmware versions. This issue arises when the TFTP protocol is utilized, allowing unauthorized access to sensitive data stored within the controller. This exposure may lead to the leakage of file and directory information, which poses a significant security risk for users relying on these industrial control systems.

Affected Version(s)

Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware ) Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)

References

https://www.schneider-electric.com/ww/en/download/documen...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2019
Vulnerability Reserved
Jan 25, 2019