CVE-2019-6859
First published: Wed Apr 22 2020(Updated: )
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider Electric BMX P34X Firmware | ||
| Schneider Electric BMX P34X | ||
| Schneider Electric BMX NOE 0100 Firmware | ||
| Schneider Electric BMX NOE 0100 Firmware | ||
| Schneider Electric BMX NOE 0110 | ||
| Schneider Electric BMX NOE 0110 Firmware | ||
| Schneider Electric BMX NOC 0401 | ||
| Schneider Electric BMX NOC 0401 | ||
| schneider-electric tsx p57x firmware | ||
| Schneider Electric TSX P57X | ||
| Schneider Electric TSX ETY X103 Firmware | ||
| Schneider Electric TSX ETY X103 | ||
| Schneider Electric 140 CPU 6x Firmware | ||
| Schneider Electric 140 CPU 6X | ||
| Schneider Electric 140 NOE 771x1 Firmware | ||
| Schneider Electric 140 NOE 771x1 Firmware | ||
| Schneider Electric 140 NOC 78x00 | ||
| Schneider Electric 140 NOC 78x00 | ||
| schneider-electric 140 noc 77101 firmware | ||
| Schneider Electric 140 NOC 77101 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-6859?
The vulnerability CVE-2019-6859 has a severity rating that requires immediate attention due to the potential disclosure of sensitive hardcoded FTP credentials.
How do I fix CVE-2019-6859?
To fix CVE-2019-6859, you should replace the hardcoded credentials with secure, unique credentials and update the firmware of affected Schneider Electric devices.
Which Schneider Electric products are affected by CVE-2019-6859?
CVE-2019-6859 affects various Modicon Controllers, including models like BMX P34X, BMX NOE 0100, BMX NOE 0110, and others listed in the security notifications.
What are the potential risks of CVE-2019-6859?
The risks associated with CVE-2019-6859 include unauthorized access to the device via FTP, leading to potential modifications or data breaches.
Is there a patch available for CVE-2019-6859?
Yes, Schneider Electric has provided firmware updates that address the CVE-2019-6859 vulnerability, which should be implemented as part of the remediation process.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/schneider-electric
- canonical/schneider electric bmx p34x firmware
- canonical/schneider electric bmx p34x
- canonical/schneider electric bmx noe 0100 firmware
- canonical/schneider electric bmx noe 0110
- canonical/schneider electric bmx noe 0110 firmware
- canonical/schneider electric bmx noc 0401
- canonical/schneider-electric tsx p57x firmware
- canonical/schneider electric tsx p57x
- canonical/schneider electric tsx ety x103 firmware
- canonical/schneider electric tsx ety x103
- canonical/schneider electric 140 cpu 6x firmware
- canonical/schneider electric 140 cpu 6x
- canonical/schneider electric 140 noe 771x1 firmware
- canonical/schneider electric 140 noc 78x00
- canonical/schneider-electric 140 noc 77101 firmware
- canonical/schneider electric 140 noc 77101