Search criteria
6 vulnerabilities found for tsx_ety_x103_firmware by schneider-electric
FKIE_CVE-2019-6859
Vulnerability from fkie_nvd - Published: 2020-04-22 19:15 - Updated: 2024-11-21 04:47
Severity ?
Summary
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmx_p34x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14850FBA-6534-47DB-963A-9D1973CD743E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmx_p34x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31641D9C-5A26-4632-AF77-DF0596027EBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmx_noe_0100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "357C2EC3-AF99-4C28-9F25-7535B6279039",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmx_noe_0100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E25BD42-AEA0-4834-8EF6-A030F34F3C0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmx_noe_0110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "245BC693-0C80-433D-B966-7EEC40BDF4B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmx_noe_0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F06E131-2AAE-4A34-AA96-A4828C01E9FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmx_noc_0401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A897B7E-4CBC-48F5-BAF0-D127A73E287C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmx_noc_0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "790F8548-142B-4F0E-9A1E-B4570DA76917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsx_p57x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0194B54A-6A29-4539-8BD3-0A0CCC04DB59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsx_p57x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1556D664-D4CF-4B0E-A2AD-262B511F1FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsx_ety_x103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B550F75-2542-4DED-A588-3D7783652B8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsx_ety_x103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63E90D7-795C-4B98-91D5-BD11DCA34AFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140_cpu6x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C678406-4896-4209-B75C-49D4A946DBF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140_cpu6x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF08312C-4614-4FE1-AE24-21E1F6E6D3BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140_noe_771x1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6090B04C-F4C2-4261-896A-F70019DCD5BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140_noe_771x1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22AB350E-16AF-433A-A4B6-409DE325B63D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140_noc_78x00_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B735DC2-F3B6-4F16-9747-665466B43EC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140_noc_78x00:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED8C96-0B54-4BB6-BFD6-71D54905C517",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140_noc_77101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDC7834-486B-4B72-A18D-C6B900F7D090",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140_noc_77101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F4A0D3-FD4D-47E9-B4A6-C78348464907",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network."
},
{
"lang": "es",
"value": "A CWE-798: Existe una vulnerabilidad de Uso de Credenciales Embebidas en los controladores Modicon (todas las versiones de las siguientes referencias de productos de CPU y m\u00f3dulo de comunicaci\u00f3n enumeradas en las Notificaciones de Seguridad), lo que podr\u00eda causar una divulgaci\u00f3n de credenciales embebidas FTP cuando se usa el servidor Web del controlador en una red no segura"
}
],
"id": "CVE-2019-6859",
"lastModified": "2024-11-21T04:47:17.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-22T19:15:11.573",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-02"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-6852
Vulnerability from fkie_nvd - Published: 2019-11-20 22:15 - Updated: 2024-11-21 04:47
Severity ?
Summary
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
References
| URL | Tags | ||
|---|---|---|---|
| cybersecurity@se.com | https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/ | Not Applicable, Vendor Advisory | |
| nvd@nist.gov | https://www.se.com/ww/en/download/document/SEVD-2019-316-02%20/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/ | Not Applicable, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmx_p34x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14850FBA-6534-47DB-963A-9D1973CD743E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmx_p34x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31641D9C-5A26-4632-AF77-DF0596027EBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmx_noe_0100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "357C2EC3-AF99-4C28-9F25-7535B6279039",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmx_noe_0100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E25BD42-AEA0-4834-8EF6-A030F34F3C0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmx_noe_0110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "245BC693-0C80-433D-B966-7EEC40BDF4B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmx_noe_0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F06E131-2AAE-4A34-AA96-A4828C01E9FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmx_noc_0401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A897B7E-4CBC-48F5-BAF0-D127A73E287C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmx_noc_0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "790F8548-142B-4F0E-9A1E-B4570DA76917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsx_p57x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0194B54A-6A29-4539-8BD3-0A0CCC04DB59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsx_p57x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1556D664-D4CF-4B0E-A2AD-262B511F1FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsx_ety_x103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B550F75-2542-4DED-A588-3D7783652B8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsx_ety_x103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63E90D7-795C-4B98-91D5-BD11DCA34AFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140_cpu6x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C678406-4896-4209-B75C-49D4A946DBF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140_cpu6x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF08312C-4614-4FE1-AE24-21E1F6E6D3BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140_noe_771x1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6090B04C-F4C2-4261-896A-F70019DCD5BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140_noe_771x1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22AB350E-16AF-433A-A4B6-409DE325B63D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140_noc_78x00_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B735DC2-F3B6-4F16-9747-665466B43EC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140_noc_78x00:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED8C96-0B54-4BB6-BFD6-71D54905C517",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140_noc_77101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDC7834-486B-4B72-A18D-C6B900F7D090",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140_noc_77101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F4A0D3-FD4D-47E9-B4A6-C78348464907",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network."
},
{
"lang": "es",
"value": "Una CWE-200: Se presenta una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en los Controladores Modicon (CPU M340, m\u00f3dulos de comunicaci\u00f3n M340, CPU Premium, m\u00f3dulos de comunicaci\u00f3n Premium, CPU Quantum, m\u00f3dulos de comunicaci\u00f3n Quantum; consulte la notificaci\u00f3n de seguridad para versiones espec\u00edficas), lo que podr\u00eda causar una divulgaci\u00f3n de credenciales embebidas en FTP cuando se utiliza el servidor web del controlador en una red no segura."
}
],
"id": "CVE-2019-6852",
"lastModified": "2024-11-21T04:47:16.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-20T22:15:12.030",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/"
},
{
"source": "nvd@nist.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-02%20/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-6859 (GCVE-0-2019-6859)
Vulnerability from cvelistv5 – Published: 2020-04-22 18:14 – Updated: 2024-08-04 20:31
VLAI?
Summary
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
Severity ?
No CVSS data available.
CWE
- CWE-798 - Use of Hardcoded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications) |
Affected:
Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security notifications)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications) ",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security notifications)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hardcoded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T22:22:17",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications) ",
"version": {
"version_data": [
{
"version_value": "Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security notifications)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hardcoded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2019-316-02",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6859",
"datePublished": "2020-04-22T18:14:28",
"dateReserved": "2019-01-25T00:00:00",
"dateUpdated": "2024-08-04T20:31:04.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6852 (GCVE-0-2019-6852)
Vulnerability from cvelistv5 – Published: 2019-11-20 22:01 – Updated: 2024-08-04 20:31
VLAI?
Summary
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions) |
Affected:
Modicon Controllers (M340 CPUs
Affected: M340 communication modules Affected: Premium CPUs Affected: Premium communication modules Affected: Quantum CPUs Affected: Quantum communication modules - see security notification for specific versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Modicon Controllers (M340 CPUs"
},
{
"status": "affected",
"version": "M340 communication modules"
},
{
"status": "affected",
"version": "Premium CPUs"
},
{
"status": "affected",
"version": "Premium communication modules"
},
{
"status": "affected",
"version": "Quantum CPUs"
},
{
"status": "affected",
"version": "Quantum communication modules - see security notification for specific versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T22:01:49",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions)",
"version": {
"version_data": [
{
"version_value": "Modicon Controllers (M340 CPUs"
},
{
"version_value": "M340 communication modules"
},
{
"version_value": "Premium CPUs"
},
{
"version_value": "Premium communication modules"
},
{
"version_value": "Quantum CPUs"
},
{
"version_value": "Quantum communication modules - see security notification for specific versions)"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6852",
"datePublished": "2019-11-20T22:01:49",
"dateReserved": "2019-01-25T00:00:00",
"dateUpdated": "2024-08-04T20:31:04.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6859 (GCVE-0-2019-6859)
Vulnerability from nvd – Published: 2020-04-22 18:14 – Updated: 2024-08-04 20:31
VLAI?
Summary
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
Severity ?
No CVSS data available.
CWE
- CWE-798 - Use of Hardcoded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications) |
Affected:
Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security notifications)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications) ",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security notifications)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hardcoded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T22:22:17",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications) ",
"version": {
"version_data": [
{
"version_value": "Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security notifications)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hardcoded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2019-316-02",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6859",
"datePublished": "2020-04-22T18:14:28",
"dateReserved": "2019-01-25T00:00:00",
"dateUpdated": "2024-08-04T20:31:04.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6852 (GCVE-0-2019-6852)
Vulnerability from nvd – Published: 2019-11-20 22:01 – Updated: 2024-08-04 20:31
VLAI?
Summary
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions) |
Affected:
Modicon Controllers (M340 CPUs
Affected: M340 communication modules Affected: Premium CPUs Affected: Premium communication modules Affected: Quantum CPUs Affected: Quantum communication modules - see security notification for specific versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Modicon Controllers (M340 CPUs"
},
{
"status": "affected",
"version": "M340 communication modules"
},
{
"status": "affected",
"version": "Premium CPUs"
},
{
"status": "affected",
"version": "Premium communication modules"
},
{
"status": "affected",
"version": "Quantum CPUs"
},
{
"status": "affected",
"version": "Quantum communication modules - see security notification for specific versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T22:01:49",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions)",
"version": {
"version_data": [
{
"version_value": "Modicon Controllers (M340 CPUs"
},
{
"version_value": "M340 communication modules"
},
{
"version_value": "Premium CPUs"
},
{
"version_value": "Premium communication modules"
},
{
"version_value": "Quantum CPUs"
},
{
"version_value": "Quantum communication modules - see security notification for specific versions)"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6852",
"datePublished": "2019-11-20T22:01:49",
"dateReserved": "2019-01-25T00:00:00",
"dateUpdated": "2024-08-04T20:31:04.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}