Main Vulnerability Database Vulnerabilities #VU22588

#VU22588 File and Directory Information Exposure in Schneider Electric products - CVE-2019-6851

Published: November 7, 2019

Vulnerability identifier: #VU22588

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-6851

CWE-ID: CWE-538

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Modicon Premium
Modicon Quantum
Modicon M340
Modicon M580

Software vendor:
Schneider Electric

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the affected software stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere. A remote attacker can disclose sensitive information from the controller when using TFTP protocol.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01

#VU22588 File and Directory Information Exposure in Schneider Electric products - CVE-2019-6851

Description

Remediation

External links

Please verify you're human