CVE-2019-6852: Infoleak
First published: Wed Nov 20 2019(Updated: )
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider Electric BMX P34X Firmware | ||
| Schneider Electric BMX P34X | ||
| Schneider Electric BMX NOE 0100 Firmware | ||
| Schneider Electric BMX NOE 0100 Firmware | ||
| Schneider Electric BMX NOE 0110 | ||
| Schneider Electric BMX NOE 0110 Firmware | ||
| Schneider Electric BMX NOC 0401 | ||
| Schneider Electric BMX NOC 0401 | ||
| schneider-electric tsx p57x firmware | ||
| Schneider Electric TSX P57X | ||
| Schneider Electric TSX ETY X103 Firmware | ||
| Schneider Electric TSX ETY X103 | ||
| Schneider Electric 140 CPU 6x Firmware | ||
| Schneider Electric 140 CPU 6X | ||
| Schneider Electric 140 NOE 771x1 Firmware | ||
| Schneider Electric 140 NOE 771x1 Firmware | ||
| Schneider Electric 140 NOC 78x00 | ||
| Schneider Electric 140 NOC 78x00 | ||
| schneider-electric 140 noc 77101 firmware | ||
| Schneider Electric 140 NOC 77101 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-6852?
CVE-2019-6852 is classified as a CWE-200: Information Exposure vulnerability.
How do I fix CVE-2019-6852?
To fix CVE-2019-6852, ensure that your Modicon Controllers firmware is updated to the latest version provided by Schneider Electric.
What controllers are affected by CVE-2019-6852?
The affected controllers include Modicon M340 CPUs, Premium CPUs, Quantum CPUs, and their respective communication modules.
What kind of data can be exposed due to CVE-2019-6852?
CVE-2019-6852 could lead to the disclosure of FTP credentials and sensitive configuration information.
Is CVE-2019-6852 under active exploitation?
There is no public information indicating that CVE-2019-6852 is actively being exploited at this time.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider electric bmx p34x firmware
- canonical/schneider electric bmx p34x
- canonical/schneider electric bmx noe 0100 firmware
- canonical/schneider electric bmx noe 0110
- canonical/schneider electric bmx noe 0110 firmware
- canonical/schneider electric bmx noc 0401
- canonical/schneider-electric tsx p57x firmware
- canonical/schneider electric tsx p57x
- canonical/schneider electric tsx ety x103 firmware
- canonical/schneider electric tsx ety x103
- canonical/schneider electric 140 cpu 6x firmware
- canonical/schneider electric 140 cpu 6x
- canonical/schneider electric 140 noe 771x1 firmware
- canonical/schneider electric 140 noc 78x00
- canonical/schneider-electric 140 noc 77101 firmware
- canonical/schneider electric 140 noc 77101