CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-6852

HIGH
7.5
CVSS Severity Score
EPSS Score0.1020%
EPSS Percentile25.55th
Published2019年11月20日
Last Modified2026年5月28日

Vulnerability Description

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

Affected Platforms (CPE)

💻
Schneider Electric

Bmx P34x Firmware

All versions
💻
Schneider Electric

Bmx Noe 0100 Firmware

All versions
💻
Schneider Electric

Bmx Noe 0110 Firmware

All versions
💻
Schneider Electric

Bmx Noc 0401 Firmware

All versions
💻
Schneider Electric

Tsx P57x Firmware

All versions
💻
Schneider Electric

Tsx Ety X103 Firmware

All versions
💻
Schneider Electric

140 Cpu6x Firmware

All versions
💻
Schneider Electric

140 Noe 771x1 Firmware

All versions
💻
Schneider Electric

140 Noc 78x00 Firmware

All versions
💻
Schneider Electric

140 Noc 77101 Firmware

All versions

References & Advisories

🔗 https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/
🔗 https://www.se.com/ww/en/download/document/SEVD-2019-316-02%20/
🔗 https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/

関連する脆弱性情報

CVE-2019-1095910.0

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does...

CVE-2019-726810.0

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-725710.0

Linear eMerge E3-Series devices allow Unrestricted File Upload.