high
7.5
CWE
200 538
Advisory Published
Updated

CVE-2019-6851: Infoleak

First published: Tue Oct 29 2019(Updated: )

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.

Credit: cybersecurity@se.com

Affected SoftwareAffected VersionHow to fix
Schneider Electric Modicon M580 Firmware
Schneider Electric Modicon M580
Schneider Electric Modicon M340 Firmware
Schneider Electric Modicon M340
schneider-electric tsxmcpc002m
schneider-electric tsxmcpc002m firmware
schneider-electric tsxmcpc512k
Schneider Electric TSXMCPC512K Firmware
Schneider Electric TSX MFPP 001 M
schneider-electric tsxmfpp001m firmware
Schneider Electric TSXMFPP002M
Schneider Electric TSXMFPP002M
Schneider Electric TSXMFPP004M Firmware
Schneider Electric TSXMFPP004M Firmware
Schneider Electric TSXMFPP512K Firmware
tsxmfpp512k
schneider-electric tsxmrpc001m
schneider-electric tsxmrpc001m firmware
Schneider Electric TSXMRPC002M Firmware
Schneider Electric TSXMRPC002M Firmware
Schneider Electric TSXMRP Series
schneider-electric tsxmrpc003m firmware
Schneider Electric TSXMRPC007M Firmware
Schneider Electric TSXMRPC007M Firmware
schneider-electric tsxmrpc01m7 firmware
Schneider Electric TSX MR Series
Schneider Electric TSXMRPC768K Firmware
Schneider Electric TSXMRPC768K Firmware
schneider-electric tsxmrpf004m firmware
schneider-electric tsxmrpf004m
Schneider Electric TSXMRPF008M
schneider-electric tsxmrpf008m firmware
schneider-electric tsxmfp0128p2
schneider-electric tsxmfp0128p2 firmware
Schneider Electric TSX MFP 064 P2 Firmware
Schneider Electric TSX MFP 064 P2 Firmware
Schneider Electric TSXMFPP224K
Schneider Electric TSXMFPP224K
Schneider Electric TSXMFPP384K Firmware
Schneider Electric TSXMFPP384K Firmware
schneider-electric tsxmrpc448k firmware
schneider-electric tsxmrpc448k
Schneider Electric TSXMRPP224K
schneider-electric tsxmrpp224k firmware
Schneider Electric TSXMRPP384K
Schneider Electric TSXMRPP384K

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID of this vulnerability?

    The vulnerability ID of this vulnerability is CVE-2019-6851.

  • What is the severity rating of CVE-2019-6851?

    CVE-2019-6851 has a severity rating of 7.5 (high).

  • What software is affected by CVE-2019-6851?

    Modicon M580, Modicon M340, Modicon Premium, and Modicon Quantum (all firmware versions) are affected by CVE-2019-6851.

  • How does CVE-2019-6851 cause information disclosure?

    CVE-2019-6851 causes information disclosure from the controller when using the TFTP protocol.

  • How can I fix CVE-2019-6851?

    There is no known fix for CVE-2019-6851 at this time, consider applying security controls to mitigate the risk.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203