Main Vulnerability Database Vulnerabilities #VU22588

File and Directory Information Exposure in Schneider Electric products - CVE-2019-6851

Published: November 7, 2019

Vulnerability identifier: #VU22588

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-6851

CWE-ID: CWE-538

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Schneider Electric

Affected software:
Modicon Premium
Modicon Quantum
Modicon M340
Modicon M580

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the affected software stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere. A remote attacker can disclose sensitive information from the controller when using TFTP protocol.

How to mitigate CVE-2019-6851

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01

File and Directory Information Exposure in Schneider Electric products - CVE-2019-6851

Detailed vulnerability description

How to mitigate CVE-2019-6851

Sources

Please verify you're human