CVE-2019-6859

Published Apr 22, 2020

Last updated 3 years ago

CVSS high 7.5

Overview

Description: A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
Source: cybersecurity@se.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-798
cybersecurity@se.com: CWE-798

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:bmx_p34x_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14850FBA-6534-47DB-963A-9D1973CD743E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmx_p34x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "31641D9C-5A26-4632-AF77-DF0596027EBF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:bmx_noe_0100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "357C2EC3-AF99-4C28-9F25-7535B6279039"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmx_noe_0100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2E25BD42-AEA0-4834-8EF6-A030F34F3C0E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:bmx_noe_0110_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "245BC693-0C80-433D-B966-7EEC40BDF4B2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmx_noe_0110:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8F06E131-2AAE-4A34-AA96-A4828C01E9FB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:bmx_noc_0401_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A897B7E-4CBC-48F5-BAF0-D127A73E287C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:bmx_noc_0401:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "790F8548-142B-4F0E-9A1E-B4570DA76917"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:tsx_p57x_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0194B54A-6A29-4539-8BD3-0A0CCC04DB59"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:tsx_p57x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1556D664-D4CF-4B0E-A2AD-262B511F1FBF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:tsx_ety_x103_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B550F75-2542-4DED-A588-3D7783652B8D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:tsx_ety_x103:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E63E90D7-795C-4B98-91D5-BD11DCA34AFA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:140_cpu6x_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C678406-4896-4209-B75C-49D4A946DBF1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:140_cpu6x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BF08312C-4614-4FE1-AE24-21E1F6E6D3BF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:140_noe_771x1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6090B04C-F4C2-4261-896A-F70019DCD5BC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:140_noe_771x1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "22AB350E-16AF-433A-A4B6-409DE325B63D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:140_noc_78x00_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B735DC2-F3B6-4F16-9747-665466B43EC6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:140_noc_78x00:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "65ED8C96-0B54-4BB6-BFD6-71D54905C517"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:140_noc_77101_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EDC7834-486B-4B72-A18D-C6B900F7D090"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:140_noc_77101:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E7F4A0D3-FD4D-47E9-B4A6-C78348464907"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References