1. Home
  2. CVE Database
  3. CVE-2019-6859
HIGH · 7.5

CVE-2019-6859

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications...

Vulnerability Description

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
Schneider-ElectricBmx P34X FirmwareAll versions
Schneider-ElectricBmx P34X-
Schneider-ElectricBmx Noe 0100 FirmwareAll versions
Schneider-ElectricBmx Noe 0100-
Schneider-ElectricBmx Noe 0110 FirmwareAll versions
Schneider-ElectricBmx Noe 0110-
Schneider-ElectricBmx Noc 0401 FirmwareAll versions
Schneider-ElectricBmx Noc 0401-
Schneider-ElectricTsx P57X FirmwareAll versions
Schneider-ElectricTsx P57X-
Schneider-ElectricTsx Ety X103 FirmwareAll versions
Schneider-ElectricTsx Ety X103-
Schneider-Electric140 Cpu6X FirmwareAll versions
Schneider-Electric140 Cpu6X-
Schneider-Electric140 Noe 771X1 FirmwareAll versions
Schneider-Electric140 Noe 771X1-
Schneider-Electric140 Noc 78X00 FirmwareAll versions
Schneider-Electric140 Noc 78X00-
Schneider-Electric140 Noc 77101 FirmwareAll versions
Schneider-Electric140 Noc 77101-

Related Weaknesses (CWE)

CWE-798

References

FAQ

What is CVE-2019-6859?

CVE-2019-6859 is a vulnerability with a CVSS score of 7.5 (HIGH). A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications...

How severe is CVE-2019-6859?

CVE-2019-6859 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-6859?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Bmx P34X Firmware, Schneider-Electric Bmx P34X, Schneider-Electric Bmx Noe 0100 Firmware, Schneider-Electric Bmx Noe 0100, Schneider-Electric Bmx Noe 0110 Firmware.