CVE-2019-6859

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.se.com/ww/en/download/document/SEVD-2019-316-02	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:bmx_p34x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmx_p34x:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:bmx_noe_0100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmx_noe_0100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:bmx_noe_0110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmx_noe_0110:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:bmx_noc_0401_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmx_noc_0401:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:tsx_p57x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsx_p57x:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:tsx_ety_x103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsx_ety_x103:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:schneider-electric:140_cpu6x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140_cpu6x:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:schneider-electric:140_noe_771x1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140_noe_771x1:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:schneider-electric:140_noc_78x00_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140_noc_78x00:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:schneider-electric:140_noc_77101_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140_noc_77101:-:*:*:*:*:*:*:*

History

03 Feb 2022, 15:20

Type	Values Removed	Values Added
CPE	cpe:2.3:o:se:bmx_p34x_firmware:::::::: cpe:2.3:o:se:140_noc_77101_firmware:::::::: cpe:2.3:o:se:tsx_ety_x103_firmware:::::::: cpe:2.3:o:se:bmx_noe_0100_firmware:::::::: cpe:2.3:o:se:bmx_noe_0110_firmware:::::::: cpe:2.3:o:se:140_noe_771x1_firmware:::::::: cpe:2.3:o:se:bmx_noc_0401_firmware:::::::: cpe:2.3:o:se:140_cpu6x_firmware:::::::: cpe:2.3:o:se:tsx_p57x_firmware:::::::: cpe:2.3:o:se:140_noc_78x00_firmware:::::::: cpe:2.3:h:se:bmx_noe_0100:-:::::::*	cpe:2.3:o:schneider-electric:140_noe_771x1_firmware:::::::: cpe:2.3:o:schneider-electric:140_cpu6x_firmware:::::::: cpe:2.3:o:schneider-electric:tsx_p57x_firmware:::::::: cpe:2.3:o:schneider-electric:140_noc_78x00_firmware:::::::: cpe:2.3:h:schneider-electric:bmx_noe_0100:-:::::::* cpe:2.3:o:schneider-electric:bmx_noe_0110_firmware:::::::: cpe:2.3:o:schneider-electric:bmx_noe_0100_firmware:::::::: cpe:2.3:o:schneider-electric:bmx_noc_0401_firmware:::::::: cpe:2.3:o:schneider-electric:tsx_ety_x103_firmware:::::::: cpe:2.3:o:schneider-electric:140_noc_77101_firmware:::::::: cpe:2.3:o:schneider-electric:bmx_p34x_firmware::::::::
First Time		Schneider-electric bmx Noe 0110 Firmware Schneider-electric 140 Cpu6x Firmware Schneider-electric 140 Noc 77101 Firmware Schneider-electric bmx Noe 0100 Firmware Schneider-electric tsx P57x Firmware Schneider-electric bmx Noc 0401 Firmware Schneider-electric 140 Noc 78x00 Firmware Schneider-electric bmx Noe 0100 Schneider-electric bmx P34x Firmware Schneider-electric tsx Ety X103 Firmware Schneider-electric 140 Noe 771x1 Firmware

31 Jan 2022, 19:52

Type	Values Removed	Values Added
First Time		Schneider-electric 140 Cpu6x Schneider-electric bmx Noe 0110 Schneider-electric tsx Ety X103 Schneider-electric bmx Noc 0401 Schneider-electric tsx P57x Schneider-electric 140 Noc 77101 Schneider-electric 140 Noe 771x1 Schneider-electric bmx P34x Schneider-electric 140 Noc 78x00 Schneider-electric
CPE	cpe:2.3:h:se:bmx_noc_0401:-:::::::* cpe:2.3:h:se:140_noc_78x00:-:::::::* cpe:2.3:h:se:140_noc_77101:-:::::::* cpe:2.3:h:se:bmx_noe_0110:-:::::::* cpe:2.3:h:se:tsx_ety_x103:-:::::::* cpe:2.3:h:se:bmx_p34x:-:::::::* cpe:2.3:h:se:140_cpu6x:-:::::::* cpe:2.3:h:se:140_noe_771x1:-:::::::* cpe:2.3:h:se:tsx_p57x:-:::::::*	cpe:2.3:h:schneider-electric:140_noe_771x1:-:::::::* cpe:2.3:h:schneider-electric:140_noc_77101:-:::::::* cpe:2.3:h:schneider-electric:140_noc_78x00:-:::::::* cpe:2.3:h:schneider-electric:bmx_p34x:-:::::::* cpe:2.3:h:schneider-electric:bmx_noe_0110:-:::::::* cpe:2.3:h:schneider-electric:bmx_noc_0401:-:::::::* cpe:2.3:h:schneider-electric:tsx_p57x:-:::::::* cpe:2.3:h:schneider-electric:140_cpu6x:-:::::::* cpe:2.3:h:schneider-electric:tsx_ety_x103:-:::::::*

Information

Published : 2020-04-22 19:15

Updated : 2023-12-10 13:27

NVD link : CVE-2019-6859

Mitre link : CVE-2019-6859

CVE.ORG link : CVE-2019-6859

JSON object : View

Products Affected

schneider-electric

140_noc_77101
bmx_noc_0401
140_noc_77101_firmware
bmx_noe_0110
140_noe_771x1_firmware
140_noe_771x1
bmx_p34x
140_cpu6x
bmx_noc_0401_firmware
tsx_ety_x103_firmware
bmx_noe_0100_firmware
bmx_p34x_firmware
tsx_p57x
bmx_noe_0100
140_noc_78x00_firmware
140_cpu6x_firmware
tsx_ety_x103
140_noc_78x00
tsx_p57x_firmware
bmx_noe_0110_firmware

CWE

CWE-798

Use of Hard-coded Credentials

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2019-6859

7.5^/10

5.0^/10

Attach tags to `CVE-2019-6859`