CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-6859

HIGH
7.5
CVSS Severity Score
EPSS Score0.1550%
EPSS Percentile13.59th
Published2020年4月22日
Last Modified2024年11月21日

Vulnerability Description

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

Affected Platforms (CPE)

💻
Schneider Electric

Bmx P34x Firmware

All versions
💻
Schneider Electric

Bmx Noe 0100 Firmware

All versions
💻
Schneider Electric

Bmx Noe 0110 Firmware

All versions
💻
Schneider Electric

Bmx Noc 0401 Firmware

All versions
💻
Schneider Electric

Tsx P57x Firmware

All versions
💻
Schneider Electric

Tsx Ety X103 Firmware

All versions
💻
Schneider Electric

140 Cpu6x Firmware

All versions
💻
Schneider Electric

140 Noe 771x1 Firmware

All versions
💻
Schneider Electric

140 Noc 78x00 Firmware

All versions
💻
Schneider Electric

140 Noc 77101 Firmware

All versions

References & Advisories

🔗 https://www.se.com/ww/en/download/document/SEVD-2019-316-02
🔗 https://www.se.com/ww/en/download/document/SEVD-2019-316-02

相关漏洞威胁

CVE-2019-726810.0

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.

CVE-2019-725710.0

Linear eMerge E3-Series devices allow Unrestricted File Upload.

CVE-2019-954810.0

Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.

CVE-2019-1264310.0

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote a...