7.5
CWE
319
Advisory Published
Updated

CVE-2019-6845

First published: Tue Oct 29 2019(Updated: )

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol.

Credit: cybersecurity@se.com

Affected SoftwareAffected VersionHow to fix
Schneider-electric Modicon M580 Firmware
Schneider-electric Modicon M580
Schneider-electric Modicon M340 Firmware
Schneider-electric Modicon M340
Schneider-electric Tsxmcpc002m Firmware
Schneider-electric Tsxmcpc002m
Schneider-electric Tsxmcpc512k Firmware
Schneider-electric Tsxmcpc512k
Schneider-electric Tsxmfpp001m Firmware
Schneider-electric Tsxmfpp001m
Schneider-electric Tsxmfpp002m Firmware
Schneider-electric Tsxmfpp002m
Schneider-electric Tsxmfpp004m Firmware
Schneider-electric Tsxmfpp004m
Schneider-electric Tsxmfpp512k Firmware
Schneider-electric Tsxmfpp512k
Schneider-electric Tsxmrpc001m Firmware
Schneider-electric Tsxmrpc001m
Schneider-electric Tsxmrpc002m Firmware
Schneider-electric Tsxmrpc002m
Schneider-electric Tsxmrpc003m Firmware
Schneider-electric Tsxmrpc003m
Schneider-electric Tsxmrpc007m Firmware
Schneider-electric Tsxmrpc007m
Schneider-electric Tsxmrpc01m7 Firmware
Schneider-electric Tsxmrpc01m7
Schneider-electric Tsxmrpc768k Firmware
Schneider-electric Tsxmrpc768k
Schneider-electric Tsxmrpf004m Firmware
Schneider-electric Tsxmrpf004m
Schneider-electric Tsxmrpf008m Firmware
Schneider-electric Tsxmrpf008m
Schneider-electric Tsxmfp0128p2 Firmware
Schneider-electric Tsxmfp0128p2
Schneider-electric Tsxmfp064p2 Firmware
Schneider-electric Tsxmfp064p2
Schneider-electric Tsxmfpp224k Firmware
Schneider-electric Tsxmfpp224k
Schneider-electric Tsxmfpp384k Firmware
Schneider-electric Tsxmfpp384k
Schneider-electric Tsxmrpc448k Firmware
Schneider-electric Tsxmrpc448k
Schneider-electric Tsxmrpp224k Firmware
Schneider-electric Tsxmrpp224k
Schneider-electric Tsxmrpp384k Firmware
Schneider-electric Tsxmrpp384k

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID for this vulnerability?

    The vulnerability ID for this vulnerability is CVE-2019-6845.

  • What is the severity level of CVE-2019-6845?

    CVE-2019-6845 has a severity level of 7.5 (high).

  • What is the affected software for CVE-2019-6845?

    The affected software for CVE-2019-6845 includes Modicon M580, Modicon M340, Modicon Premium, and Modicon Quantum (all firmware versions).

  • How can this vulnerability be exploited?

    This vulnerability can be exploited by transferring applications to the controller using the Modbus TCP protocol.

  • How can I fix CVE-2019-6845?

    To fix CVE-2019-6845, apply the necessary patch or firmware update provided by Schneider Electric.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203