FKIE_CVE-2019-6859

Vulnerability from fkie_nvd - Published: 2020-04-22 19:15 - Updated: 2024-11-21 04:47
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
References
cybersecurity@se.comhttps://www.se.com/ww/en/download/document/SEVD-2019-316-02Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.se.com/ww/en/download/document/SEVD-2019-316-02Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric bmx_p34x_firmware *
schneider-electric bmx_p34x -
schneider-electric bmx_noe_0100_firmware *
schneider-electric bmx_noe_0100 -
schneider-electric bmx_noe_0110_firmware *
schneider-electric bmx_noe_0110 -
schneider-electric bmx_noc_0401_firmware *
schneider-electric bmx_noc_0401 -
schneider-electric tsx_p57x_firmware *
schneider-electric tsx_p57x -
schneider-electric tsx_ety_x103_firmware *
schneider-electric tsx_ety_x103 -
schneider-electric 140_cpu6x_firmware *
schneider-electric 140_cpu6x -
schneider-electric 140_noe_771x1_firmware *
schneider-electric 140_noe_771x1 -
schneider-electric 140_noc_78x00_firmware *
schneider-electric 140_noc_78x00 -
schneider-electric 140_noc_77101_firmware *
schneider-electric 140_noc_77101 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmx_p34x_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14850FBA-6534-47DB-963A-9D1973CD743E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmx_p34x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31641D9C-5A26-4632-AF77-DF0596027EBF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmx_noe_0100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "357C2EC3-AF99-4C28-9F25-7535B6279039",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmx_noe_0100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E25BD42-AEA0-4834-8EF6-A030F34F3C0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmx_noe_0110_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "245BC693-0C80-433D-B966-7EEC40BDF4B2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmx_noe_0110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F06E131-2AAE-4A34-AA96-A4828C01E9FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:bmx_noc_0401_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A897B7E-4CBC-48F5-BAF0-D127A73E287C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:bmx_noc_0401:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "790F8548-142B-4F0E-9A1E-B4570DA76917",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsx_p57x_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0194B54A-6A29-4539-8BD3-0A0CCC04DB59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsx_p57x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1556D664-D4CF-4B0E-A2AD-262B511F1FBF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:tsx_ety_x103_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B550F75-2542-4DED-A588-3D7783652B8D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:tsx_ety_x103:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63E90D7-795C-4B98-91D5-BD11DCA34AFA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140_cpu6x_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C678406-4896-4209-B75C-49D4A946DBF1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140_cpu6x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF08312C-4614-4FE1-AE24-21E1F6E6D3BF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140_noe_771x1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6090B04C-F4C2-4261-896A-F70019DCD5BC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140_noe_771x1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22AB350E-16AF-433A-A4B6-409DE325B63D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140_noc_78x00_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B735DC2-F3B6-4F16-9747-665466B43EC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140_noc_78x00:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65ED8C96-0B54-4BB6-BFD6-71D54905C517",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:140_noc_77101_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EDC7834-486B-4B72-A18D-C6B900F7D090",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:140_noc_77101:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7F4A0D3-FD4D-47E9-B4A6-C78348464907",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network."
    },
    {
      "lang": "es",
      "value": "A CWE-798: Existe una vulnerabilidad de Uso de Credenciales Embebidas en los controladores Modicon (todas las versiones de las siguientes referencias de productos de CPU y m\u00f3dulo de comunicaci\u00f3n enumeradas en las Notificaciones de Seguridad), lo que podr\u00eda causar una divulgaci\u00f3n de credenciales embebidas FTP cuando se usa el servidor Web del controlador en una red no segura"
    }
  ],
  "id": "CVE-2019-6859",
  "lastModified": "2024-11-21T04:47:17.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-22T19:15:11.573",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-02"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.