CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-6859

HIGH
7.5
CVSS Severity Score
EPSS Score0.1550%
EPSS Percentile13.59th
Published2020年4月22日
Last Modified2024年11月21日

Vulnerability Description

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

Affected Platforms (CPE)

💻
Schneider Electric

Bmx P34x Firmware

All versions
💻
Schneider Electric

Bmx Noe 0100 Firmware

All versions
💻
Schneider Electric

Bmx Noe 0110 Firmware

All versions
💻
Schneider Electric

Bmx Noc 0401 Firmware

All versions
💻
Schneider Electric

Tsx P57x Firmware

All versions
💻
Schneider Electric

Tsx Ety X103 Firmware

All versions
💻
Schneider Electric

140 Cpu6x Firmware

All versions
💻
Schneider Electric

140 Noe 771x1 Firmware

All versions
💻
Schneider Electric

140 Noc 78x00 Firmware

All versions
💻
Schneider Electric

140 Noc 77101 Firmware

All versions

References & Advisories

🔗 https://www.se.com/ww/en/download/document/SEVD-2019-316-02
🔗 https://www.se.com/ww/en/download/document/SEVD-2019-316-02

相關漏洞威脅

CVE-2019-1068610.0

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port ...

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-760910.0

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with acce...