CyberSec.Space Logo
Back to CVE Browser

CVE-2019-6859

HIGH
7.5
CVSS Severity Score
EPSS Score0.1550%
EPSS Percentile13.59th
PublishedApr 22, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

Affected Platforms (CPE)

πŸ’»
Schneider Electric

Bmx P34x Firmware

All versions
πŸ’»
Schneider Electric

Bmx Noe 0100 Firmware

All versions
πŸ’»
Schneider Electric

Bmx Noe 0110 Firmware

All versions
πŸ’»
Schneider Electric

Bmx Noc 0401 Firmware

All versions
πŸ’»
Schneider Electric

Tsx P57x Firmware

All versions
πŸ’»
Schneider Electric

Tsx Ety X103 Firmware

All versions
πŸ’»
Schneider Electric

140 Cpu6x Firmware

All versions
πŸ’»
Schneider Electric

140 Noe 771x1 Firmware

All versions
πŸ’»
Schneider Electric

140 Noc 78x00 Firmware

All versions
πŸ’»
Schneider Electric

140 Noc 77101 Firmware

All versions

References & Advisories

πŸ”— https://www.se.com/ww/en/download/document/SEVD-2019-316-02
πŸ”— https://www.se.com/ww/en/download/document/SEVD-2019-316-02

Related Vulnerabilities

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-1068610.0

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port ...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-760910.0

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with acce...