Information Disclosure Vulnerability in Schneider Electric's Modicon Controllers
CVE-2019-6851
7.5HIGH
Key Information:
- Vendor
Schneider Electric
- Vendor
- CVE Published:
- 29 October 2019
What is CVE-2019-6851?
An information disclosure vulnerability exists in Schneider Electric's Modicon M580, M340, Premium, and Quantum controllers across all firmware versions. This issue arises when the TFTP protocol is utilized, allowing unauthorized access to sensitive data stored within the controller. This exposure may lead to the leakage of file and directory information, which poses a significant security risk for users relying on these industrial control systems.
Affected Version(s)
Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware ) Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)