Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-6846 (GCVE-0-2019-6846)
Vulnerability from cvelistv5
Published
2019-10-29 14:51
Modified
2024-08-04 20:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) |
Version: Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T14:51:31",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6846",
"datePublished": "2019-10-29T14:51:31",
"dateReserved": "2019-01-25T00:00:00",
"dateUpdated": "2024-08-04T20:31:04.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-6846\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2019-10-29T19:15:22.187\",\"lastModified\":\"2024-11-21T04:47:16.200\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.\"},{\"lang\":\"es\",\"value\":\"Una CWE-319: Existe una vulnerabilidad de Transmisi\u00f3n de Texto Sin Cifrar de Informaci\u00f3n Confidencial en Modicon M580, Modicon M340, Modicon BMxCRA y los m\u00f3dulos 140CRA (todas las versiones de firmware), que podr\u00edan causar una divulgaci\u00f3n de informaci\u00f3n cuando se utiliza el protocolo FTP.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D52D735D-8AB5-40FE-A83F-266977601571\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E876C738-ABF6-4864-98A6-1E06E96A0DF4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05CBA9AD-ECB7-453F-8551-DD176FDE8043\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"138681A2-0146-492B-8E10-06849FC27C6E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:modicon_bmxcra_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4E41AAB-05A3-43A4-B97A-34F265E25F40\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:modicon_bmxcra:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F80F2F1C-F681-4498-942E-31EDA9CF79F8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:modicon_140cra_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76F5D4B2-1C0A-45E8-993C-DBBA4F745345\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:modicon_140cra:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94575CFC-1395-4BB4-8D4F-AA41F7068A26\"}]}]}],\"references\":[{\"url\":\"https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
fkie_cve-2019-6846
Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:47
Severity ?
Summary
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_bmxcra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E41AAB-05A3-43A4-B97A-34F265E25F40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_bmxcra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80F2F1C-F681-4498-942E-31EDA9CF79F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_140cra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76F5D4B2-1C0A-45E8-993C-DBBA4F745345",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_140cra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94575CFC-1395-4BB4-8D4F-AA41F7068A26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol."
},
{
"lang": "es",
"value": "Una CWE-319: Existe una vulnerabilidad de Transmisi\u00f3n de Texto Sin Cifrar de Informaci\u00f3n Confidencial en Modicon M580, Modicon M340, Modicon BMxCRA y los m\u00f3dulos 140CRA (todas las versiones de firmware), que podr\u00edan causar una divulgaci\u00f3n de informaci\u00f3n cuando se utiliza el protocolo FTP."
}
],
"id": "CVE-2019-6846",
"lastModified": "2024-11-21T04:47:16.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T19:15:22.187",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201910-0579
Vulnerability from variot
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol. plural Modicon The product contains a vulnerability related to clear transmission of important information.Information may be obtained. Schneider Electric Modicon M580 is a programmable automation controller from Schneider Electric of France
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0579",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon 140cra",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon bmxcra",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m580",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon 140cra",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon bmxcra",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m580",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon bmxcra",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon 140cra",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02971"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_140cra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_bmxcra_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m580_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-427"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6846",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-6846",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-02971",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-6846",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6846",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6846",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-6846",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-02971",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-427",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02971"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-427"
},
{
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol. plural Modicon The product contains a vulnerability related to clear transmission of important information.Information may be obtained. Schneider Electric Modicon M580 is a programmable automation controller from Schneider Electric of France",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6846"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"db": "CNVD",
"id": "CNVD-2020-02971"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6846",
"trust": 3.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-281-02",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011543",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-02971",
"trust": 0.6
},
{
"db": "TALOS",
"id": "TALOS-2019-0827",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-427",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02971"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-427"
},
{
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"id": "VAR-201910-0579",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02971"
}
],
"trust": 1.5978355
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02971"
}
]
},
"last_update_date": "2024-11-23T21:36:37.755000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-281-02",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-281-02/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.schneider-electric.com/ww/en/download/document/sevd-2019-281-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6846"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6846"
},
{
"trust": 0.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2019-281-02/"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0827"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02971"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-427"
},
{
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-02971"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-427"
},
{
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02971"
},
{
"date": "2019-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-427"
},
{
"date": "2019-10-29T19:15:22.187000",
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02971"
},
{
"date": "2019-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011543"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-427"
},
{
"date": "2024-11-21T04:47:16.200000",
"db": "NVD",
"id": "CVE-2019-6846"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-427"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Modicon Vulnerability related to clear transmission of important information in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011543"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-427"
}
],
"trust": 0.6
}
}
ghsa-4x3q-cmgw-gw26
Vulnerability from github
Published
2022-05-24 17:00
Modified
2022-05-24 17:00
VLAI Severity ?
Details
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.
{
"affected": [],
"aliases": [
"CVE-2019-6846"
],
"database_specific": {
"cwe_ids": [
"CWE-319"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-29T19:15:00Z",
"severity": "MODERATE"
},
"details": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.",
"id": "GHSA-4x3q-cmgw-gw26",
"modified": "2022-05-24T17:00:05Z",
"published": "2022-05-24T17:00:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6846"
},
{
"type": "WEB",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTFR-2019-AVI-488
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Modicon Premium | ||
| Schneider Electric | Modicon M340 | Modicon M340 | ||
| Schneider Electric | N/A | EcoStruxure Power Monitoring Expert versions antérieures à PME 9.0 CU2 | ||
| Schneider Electric | N/A | Modicon BMxCRA et les modules 140CRA | ||
| Schneider Electric | N/A | Modicon BMENOC 0321 | ||
| Schneider Electric | N/A | Modicon BMENOC 0311 | ||
| Schneider Electric | N/A | Modicon M580 | ||
| Schneider Electric | N/A | SoMove FDT versions v2.7.5 et antérieures | ||
| Schneider Electric | N/A | EcoStruxure Power Monitoring Expert version 8.2 sans le dernier correctif de sécurité | ||
| Schneider Electric | N/A | Modicon Quantum |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Modicon Premium",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Power Monitoring Expert versions ant\u00e9rieures \u00e0 PME 9.0 CU2",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon BMxCRA et les modules 140CRA",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon BMENOC 0321",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon BMENOC 0311",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M580",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SoMove FDT versions v2.7.5 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Power Monitoring Expert version 8.2 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Quantum",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-7833",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7833"
},
{
"name": "CVE-2019-6846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6846"
},
{
"name": "CVE-2018-7830",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7830"
},
{
"name": "CVE-2018-7809",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7809"
},
{
"name": "CVE-2019-6841",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6841"
},
{
"name": "CVE-2019-6848",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6848"
},
{
"name": "CVE-2018-7810",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7810"
},
{
"name": "CVE-2018-7831",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7831"
},
{
"name": "CVE-2018-20031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20031"
},
{
"name": "CVE-2019-6845",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6845"
},
{
"name": "CVE-2018-20032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20032"
},
{
"name": "CVE-2019-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6844"
},
{
"name": "CVE-2019-6842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6842"
},
{
"name": "CVE-2018-20034",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20034"
},
{
"name": "CVE-2019-6851",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6851"
},
{
"name": "CVE-2018-20033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20033"
},
{
"name": "CVE-2019-6826",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6826"
},
{
"name": "CVE-2018-7811",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7811"
},
{
"name": "CVE-2019-6849",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6849"
},
{
"name": "CVE-2019-6847",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6847"
},
{
"name": "CVE-2018-7804",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7804"
},
{
"name": "CVE-2019-6843",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6843"
},
{
"name": "CVE-2019-6850",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6850"
},
{
"name": "CVE-2018-7812",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7812"
}
],
"initial_release_date": "2019-10-08T00:00:00",
"last_revision_date": "2019-10-08T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-488",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-281-02 du 08 octobre 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-281-02_Modicon_Controllers.pdf\u0026p_Doc_Ref=SEVD-2019-281-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-04 du 08 octobre 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-134-04-Floating-License-Manager-Update_V2.1.pdf\u0026p_Doc_Ref=SEVD-2019-134-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-327-01 du 08 octobre 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-327-01-Embedded-Web-Servers-Modicon+V3.0.pdf\u0026p_Doc_Ref=SEVD-2018-327-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-281-04 du 08 octobre 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-281-04_Modicon_Controllers.pdf\u0026p_Doc_Ref=SEVD-2019-281-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-281-01 du 08 octobre 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-281-01_Modicon_Controllers.pdf\u0026p_Doc_Ref=SEVD-2019-281-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 08 octobre 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-04_SoMachine_SoMove_V2.0.pdf\u0026p_Doc_Ref=SEVD-2019-225-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-281-03 du 08 octobre 2019",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-281-03_Modicon_Controllers.pdf\u0026p_Doc_Ref=SEVD-2019-281-03"
}
]
}
CERTFR-2022-AVI-1093
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Modicon M580 CPU Safety (BMEP58*S et BMEH58*S) toutes versions | ||
| N/A | N/A | APC Easy UPS Online Monitoring versions antérieures à 2.5-GA-01-22320 | ||
| N/A | N/A | EcoStruxure Power Commission versions antérieures à 2.26 | ||
| N/A | N/A | SAITEL DR RTU Baseline 11.06.x antérieures à 1.06.15 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Modicon M580 CPU Safety (BMEP58*S et BMEH58*S) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "APC Easy UPS Online Monitoring versions ant\u00e9rieures \u00e0 2.5-GA-01-22320",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power Commission versions ant\u00e9rieures \u00e0 2.26",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "SAITEL DR RTU Baseline 11.06.x ant\u00e9rieures \u00e0 1.06.15",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6846"
},
{
"name": "CVE-2022-42971",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42971"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22791"
},
{
"name": "CVE-2022-42973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42973"
},
{
"name": "CVE-2019-6841",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6841"
},
{
"name": "CVE-2021-22779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
},
{
"name": "CVE-2021-22790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22790"
},
{
"name": "CVE-2022-37301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37301"
},
{
"name": "CVE-2018-7241",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7241"
},
{
"name": "CVE-2021-22786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22786"
},
{
"name": "CVE-2018-7242",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7242"
},
{
"name": "CVE-2019-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6844"
},
{
"name": "CVE-2019-6842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6842"
},
{
"name": "CVE-2020-6996",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6996"
},
{
"name": "CVE-2022-37300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37300"
},
{
"name": "CVE-2021-22789",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22789"
},
{
"name": "CVE-2019-6847",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6847"
},
{
"name": "CVE-2021-22792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22792"
},
{
"name": "CVE-2022-42970",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42970"
},
{
"name": "CVE-2019-6843",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6843"
},
{
"name": "CVE-2018-7240",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7240"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2022-4062",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4062"
},
{
"name": "CVE-2022-42972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42972"
}
],
"initial_release_date": "2022-12-13T00:00:00",
"last_revision_date": "2022-12-13T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1093",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider du 13 d\u00e9cembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01-APC_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
]
}
CERTFR-2022-AVI-717
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Eurotherm Data Reviewer3.0.2 software versions antérieures 4.0.0 | ||
| N/A | N/A | Modicon Momentum MDI (171CBU*) toutes versions | ||
| Schneider Electric | N/A | EcoStruxure Control Expert versions antérieures à 15.2 | ||
| Symfony | process | EcoStruxure Process Expert versions antérieures à 2021 | ||
| N/A | N/A | Modicon M580 CPU (BMEP* et BMEH*) versions antérieures à 4.01 | ||
| Schneider Electric | N/A | Legacy Modicon Quantum toutes versions | ||
| N/A | N/A | OPC UA Modicon Communication Module (BMENUA0100) versions antérieures à 2.01 | ||
| Schneider Electric | N/A | Modicon MC80 (BMKC80) toutes versions | ||
| Schneider Electric | Modicon M340 | Modicon M340 CPU (BMXP34*) versions antérieures 3.50 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Eurotherm Data Reviewer3.0.2 software versions ant\u00e9rieures 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon Momentum MDI (171CBU*) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 15.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 2021",
"product": {
"name": "process",
"vendor": {
"name": "Symfony",
"scada": false
}
}
},
{
"description": "Modicon M580 CPU (BMEP* et BMEH*) versions ant\u00e9rieures \u00e0 4.01",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Legacy Modicon Quantum toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "OPC UA Modicon Communication Module (BMENUA0100) versions ant\u00e9rieures \u00e0 2.01",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon MC80 (BMKC80) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 CPU (BMXP34*) versions ant\u00e9rieures 3.50",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6846"
},
{
"name": "CVE-2022-34760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34760"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22791"
},
{
"name": "CVE-2022-34762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34762"
},
{
"name": "CVE-2019-6841",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6841"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2021-22779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
},
{
"name": "CVE-2021-22781",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
},
{
"name": "CVE-2021-22780",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2021-22790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22790"
},
{
"name": "CVE-2022-37302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37302"
},
{
"name": "CVE-2022-34761",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34761"
},
{
"name": "CVE-2022-34759",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34759"
},
{
"name": "CVE-2022-37301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37301"
},
{
"name": "CVE-2018-7241",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7241"
},
{
"name": "CVE-2021-22786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22786"
},
{
"name": "CVE-2018-7242",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7242"
},
{
"name": "CVE-2019-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6844"
},
{
"name": "CVE-2019-6842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6842"
},
{
"name": "CVE-2021-22782",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
},
{
"name": "CVE-2021-22778",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
},
{
"name": "CVE-2022-34764",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34764"
},
{
"name": "CVE-2022-34763",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34763"
},
{
"name": "CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"name": "CVE-2022-37300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37300"
},
{
"name": "CVE-2021-22789",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22789"
},
{
"name": "CVE-2019-6847",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6847"
},
{
"name": "CVE-2022-34765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34765"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2021-22792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22792"
},
{
"name": "CVE-2019-6843",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6843"
},
{
"name": "CVE-2018-7240",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7240"
},
{
"name": "CVE-2011-4859",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4859"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2020-12525",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
}
],
"initial_release_date": "2022-08-09T00:00:00",
"last_revision_date": "2022-09-08T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-717",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-09T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour des liens",
"revision_date": "2022-08-22T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour des liens des bulletins de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01, SEVD-2022-221-02 et SEVD-2022-221-04 du 9 ao\u00fbt 2022.",
"revision_date": "2022-09-08T00:00:00.000000"
},
{
"description": "Ajout du libell\u00e9 [SCADA] dans le titre.",
"revision_date": "2022-09-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SESB-2021-347-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SESB-2021-347-01_Apache_Log4j_Log4Shell_Vulnerabilities_Security_Notification_V14.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-281-02 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-281-02_Modicon_Controllers_Security_Notification_V3.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-01_EcoStruxure_Control_Expert_Modicon580_Security_Notification_V1.1.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-193-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules_Security_Notification_V3.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V10.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-03 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-03_EcoStruxure_Control_Expert_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-02 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-02_Modicon_Controllers_Security_Notification_V1.1.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2018-081-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2018-081-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2018-081-01_Embedded_FTP_Servers_for_Modicon_PAC_Controllers_Security_Notification_V3.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-222-04 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-222-04_Modicon_PAC_Controllers_PLC_Simulator_Control_Expert_Process_Expert_Security_Notification_V2.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-194-01_EcoStruxure_Control_Expert_Process_Expert_SCADAPack_RemoteConnect_Modicon_M580_M340_Security_Notifcation_V4.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-04 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification_V1.1.pdf"
}
]
}
cnvd-2020-02971
Vulnerability from cnvd
Title
多款Schneider产品敏感信息明文传输漏洞
Description
Schneider Electric Modicon M580是法国施耐德电气(Schneider Electric)公司的一款可编程自动化控制器。
多款Schneider产品中存在敏感信息明文传输漏洞,攻击者可利用该漏洞获取敏感信息。
Severity
中
VLAI Severity ?
Formal description
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://www.schneider-electric.com
Reference
https://www.se.com/ww/en/download/document/SEVD-2019-281-02/
Impacted products
| Name | ['Schneider Electric Modicon M340', 'Schneider Electric Modicon M580', 'Schneider Electric Modicon BMxCRA', 'Schneider Electric Modicon 140CRA'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-6846",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-6846"
}
},
"description": "Schneider Electric Modicon M580\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u53ef\u7f16\u7a0b\u81ea\u52a8\u5316\u63a7\u5236\u5668\u3002\n\n\u591a\u6b3eSchneider\u4ea7\u54c1\u4e2d\u5b58\u5728\u654f\u611f\u4fe1\u606f\u660e\u6587\u4f20\u8f93\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.schneider-electric.com",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-02971",
"openTime": "2020-01-21",
"products": {
"product": [
"Schneider Electric Modicon M340",
"Schneider Electric Modicon M580",
"Schneider Electric Modicon BMxCRA",
"Schneider Electric Modicon 140CRA"
]
},
"referenceLink": "https://www.se.com/ww/en/download/document/SEVD-2019-281-02/",
"serverity": "\u4e2d",
"submitTime": "2019-10-30",
"title": "\u591a\u6b3eSchneider\u4ea7\u54c1\u654f\u611f\u4fe1\u606f\u660e\u6587\u4f20\u8f93\u6f0f\u6d1e"
}
gsd-2019-6846
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-6846",
"description": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.",
"id": "GSD-2019-6846"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-6846"
],
"details": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.",
"id": "GSD-2019-6846",
"modified": "2023-12-13T01:23:49.518455Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) ",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_bmxcra_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_bmxcra:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:schneider-electric:modicon_140cra_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:schneider-electric:modicon_140cra:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6846"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-02-03T16:05Z",
"publishedDate": "2019-10-29T19:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…